1 /*
2 * SSL client with certificate authentication
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6 */
7
8 #define MBEDTLS_ALLOW_PRIVATE_ACCESS
9
10 #include "ssl_test_lib.h"
11
12 #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
13 #include "test/psa_crypto_helpers.h"
14 #endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
15
16 #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
main(void)17 int main(void)
18 {
19 mbedtls_printf(MBEDTLS_SSL_TEST_IMPOSSIBLE);
20 mbedtls_exit(0);
21 }
22 #elif !defined(MBEDTLS_SSL_CLI_C)
main(void)23 int main(void)
24 {
25 mbedtls_printf("MBEDTLS_SSL_CLI_C not defined.\n");
26 mbedtls_exit(0);
27 }
28 #else /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_CLI_C */
29
30 /* Size of memory to be allocated for the heap, when using the library's memory
31 * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
32 #define MEMORY_HEAP_SIZE 120000
33
34 #define MAX_REQUEST_SIZE 20000
35 #define MAX_REQUEST_SIZE_STR "20000"
36
37 #define DFL_SERVER_NAME "localhost"
38 #define DFL_SERVER_ADDR NULL
39 #define DFL_SERVER_PORT "4433"
40 #define DFL_REQUEST_PAGE "/"
41 #define DFL_REQUEST_SIZE -1
42 #define DFL_DEBUG_LEVEL 0
43 #define DFL_CONTEXT_CRT_CB 0
44 #define DFL_NBIO 0
45 #define DFL_EVENT 0
46 #define DFL_READ_TIMEOUT 0
47 #define DFL_MAX_RESEND 0
48 #define DFL_CA_FILE ""
49 #define DFL_CA_PATH ""
50 #define DFL_CRT_FILE ""
51 #define DFL_KEY_FILE ""
52 #define DFL_KEY_OPAQUE 0
53 #define DFL_KEY_PWD ""
54 #define DFL_PSK ""
55 #define DFL_EARLY_DATA -1
56 #define DFL_PSK_OPAQUE 0
57 #define DFL_PSK_IDENTITY "Client_identity"
58 #define DFL_ECJPAKE_PW NULL
59 #define DFL_ECJPAKE_PW_OPAQUE 0
60 #define DFL_EC_MAX_OPS -1
61 #define DFL_FORCE_CIPHER 0
62 #define DFL_TLS1_3_KEX_MODES MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL
63 #define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED
64 #define DFL_ALLOW_LEGACY -2
65 #define DFL_RENEGOTIATE 0
66 #define DFL_EXCHANGES 1
67 #define DFL_MIN_VERSION -1
68 #define DFL_MAX_VERSION -1
69 #define DFL_SHA1 -1
70 #define DFL_AUTH_MODE -1
71 #define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
72 #define DFL_TRUNC_HMAC -1
73 #define DFL_RECSPLIT -1
74 #define DFL_DHMLEN -1
75 #define DFL_RECONNECT 0
76 #define DFL_RECO_SERVER_NAME NULL
77 #define DFL_RECO_DELAY 0
78 #define DFL_RECO_MODE 1
79 #define DFL_CID_ENABLED 0
80 #define DFL_CID_VALUE ""
81 #define DFL_CID_ENABLED_RENEGO -1
82 #define DFL_CID_VALUE_RENEGO NULL
83 #define DFL_RECONNECT_HARD 0
84 #define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
85 #define DFL_ALPN_STRING NULL
86 #define DFL_GROUPS NULL
87 #define DFL_SIG_ALGS NULL
88 #define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
89 #define DFL_HS_TO_MIN 0
90 #define DFL_HS_TO_MAX 0
91 #define DFL_DTLS_MTU -1
92 #define DFL_DGRAM_PACKING 1
93 #define DFL_FALLBACK -1
94 #define DFL_EXTENDED_MS -1
95 #define DFL_ETM -1
96 #define DFL_SERIALIZE 0
97 #define DFL_CONTEXT_FILE ""
98 #define DFL_EXTENDED_MS_ENFORCE -1
99 #define DFL_CA_CALLBACK 0
100 #define DFL_EAP_TLS 0
101 #define DFL_REPRODUCIBLE 0
102 #define DFL_NSS_KEYLOG 0
103 #define DFL_NSS_KEYLOG_FILE NULL
104 #define DFL_SKIP_CLOSE_NOTIFY 0
105 #define DFL_QUERY_CONFIG_MODE 0
106 #define DFL_USE_SRTP 0
107 #define DFL_SRTP_FORCE_PROFILE 0
108 #define DFL_SRTP_MKI ""
109 #define DFL_KEY_OPAQUE_ALG "none"
110
111 #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
112 #define GET_REQUEST_END "\r\n\r\n"
113
114 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
115 #define USAGE_CONTEXT_CRT_CB \
116 " context_crt_cb=%%d This determines whether the CRT verification callback is bound\n" \
117 " to the SSL configuration of the SSL context.\n" \
118 " Possible values:\n" \
119 " - 0 (default): Use CRT callback bound to configuration\n" \
120 " - 1: Use CRT callback bound to SSL context\n"
121 #else
122 #define USAGE_CONTEXT_CRT_CB ""
123 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
124 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
125 #if defined(MBEDTLS_FS_IO)
126 #define USAGE_IO \
127 " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
128 " default: \"\" (pre-loaded)\n" \
129 " use \"none\" to skip loading any top-level CAs.\n" \
130 " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
131 " default: \"\" (pre-loaded) (overrides ca_file)\n" \
132 " use \"none\" to skip loading any top-level CAs.\n" \
133 " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
134 " default: \"\" (pre-loaded)\n" \
135 " key_file=%%s default: \"\" (pre-loaded)\n" \
136 " key_pwd=%%s Password for key specified by key_file argument\n" \
137 " default: none\n"
138 #else
139 #define USAGE_IO \
140 " No file operations available (MBEDTLS_FS_IO not defined)\n"
141 #endif /* MBEDTLS_FS_IO */
142 #else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
143 #define USAGE_IO ""
144 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
145 #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
146 #define USAGE_KEY_OPAQUE \
147 " key_opaque=%%d Handle your private key as if it were opaque\n" \
148 " default: 0 (disabled)\n"
149 #else
150 #define USAGE_KEY_OPAQUE ""
151 #endif
152
153 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
154 #define USAGE_CID \
155 " cid=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension.\n" \
156 " default: 0 (disabled)\n" \
157 " cid_renego=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension during renegotiation.\n" \
158 " default: same as 'cid' parameter\n" \
159 " cid_val=%%s The CID to use for incoming messages (in hex, without 0x).\n" \
160 " default: \"\"\n" \
161 " cid_val_renego=%%s The CID to use for incoming messages (in hex, without 0x) after renegotiation.\n" \
162 " default: same as 'cid_val' parameter\n"
163 #else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
164 #define USAGE_CID ""
165 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
166
167 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
168 #define USAGE_PSK_RAW \
169 " psk=%%s default: \"\" (disabled)\n" \
170 " The PSK values are in hex, without 0x.\n" \
171 " psk_identity=%%s default: \"Client_identity\"\n"
172 #if defined(MBEDTLS_USE_PSA_CRYPTO)
173 #define USAGE_PSK_SLOT \
174 " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \
175 " Enable this to store the PSK configured through command line\n" \
176 " parameter `psk` in a PSA-based key slot.\n" \
177 " Note: Currently only supported in conjunction with\n" \
178 " the use of min_version to force TLS 1.2 and force_ciphersuite \n" \
179 " to force a particular PSK-only ciphersuite.\n" \
180 " Note: This is to test integration of PSA-based opaque PSKs with\n" \
181 " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \
182 " with prepopulated key slots instead of importing raw key material.\n"
183 #else
184 #define USAGE_PSK_SLOT ""
185 #endif /* MBEDTLS_USE_PSA_CRYPTO */
186 #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
187 #else
188 #define USAGE_PSK ""
189 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
190
191 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
192 #define USAGE_CA_CALLBACK \
193 " ca_callback=%%d default: 0 (disabled)\n" \
194 " Enable this to use the trusted certificate callback function\n"
195 #else
196 #define USAGE_CA_CALLBACK ""
197 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
198
199 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
200 #define USAGE_TICKETS \
201 " tickets=%%d default: 1 (enabled)\n"
202 #else
203 #define USAGE_TICKETS ""
204 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
205
206 #define USAGE_EAP_TLS \
207 " eap_tls=%%d default: 0 (disabled)\n"
208 #define USAGE_NSS_KEYLOG \
209 " nss_keylog=%%d default: 0 (disabled)\n" \
210 " This cannot be used with eap_tls=1\n"
211 #define USAGE_NSS_KEYLOG_FILE \
212 " nss_keylog_file=%%s\n"
213 #if defined(MBEDTLS_SSL_DTLS_SRTP)
214 #define USAGE_SRTP \
215 " use_srtp=%%d default: 0 (disabled)\n" \
216 " This cannot be used with eap_tls=1 or " \
217 " nss_keylog=1\n" \
218 " srtp_force_profile=%%d default: 0 (all enabled)\n" \
219 " available profiles:\n" \
220 " 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \
221 " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \
222 " 3 - SRTP_NULL_HMAC_SHA1_80\n" \
223 " 4 - SRTP_NULL_HMAC_SHA1_32\n" \
224 " mki=%%s default: \"\" (in hex, without 0x)\n"
225 #else /* MBEDTLS_SSL_DTLS_SRTP */
226 #define USAGE_SRTP ""
227 #endif
228
229 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
230 #define USAGE_MAX_FRAG_LEN \
231 " max_frag_len=%%d default: 16384 (tls default)\n" \
232 " options: 512, 1024, 2048, 4096\n"
233 #else
234 #define USAGE_MAX_FRAG_LEN ""
235 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
236
237 #if defined(MBEDTLS_DHM_C)
238 #define USAGE_DHMLEN \
239 " dhmlen=%%d default: (library default: 1024 bits)\n"
240 #else
241 #define USAGE_DHMLEN
242 #endif
243
244 #if defined(MBEDTLS_SSL_ALPN)
245 #define USAGE_ALPN \
246 " alpn=%%s default: \"\" (disabled)\n" \
247 " example: spdy/1,http/1.1\n"
248 #else
249 #define USAGE_ALPN ""
250 #endif /* MBEDTLS_SSL_ALPN */
251
252 #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) || \
253 (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
254 defined(PSA_WANT_ALG_FFDH))
255 #define USAGE_GROUPS \
256 " groups=a,b,c,d default: \"default\" (library default)\n" \
257 " example: \"secp521r1,brainpoolP512r1\"\n" \
258 " - use \"none\" for empty list\n" \
259 " - see mbedtls_ecp_curve_list()\n" \
260 " for acceptable EC group names\n" \
261 " - the following ffdh groups are supported:\n" \
262 " ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144,\n" \
263 " ffdhe8192\n"
264 #else
265 #define USAGE_GROUPS ""
266 #endif
267
268 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
269 #define USAGE_SIG_ALGS \
270 " sig_algs=a,b,c,d default: \"default\" (library default)\n" \
271 " example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n"
272 #else
273 #define USAGE_SIG_ALGS ""
274 #endif
275
276 #if defined(MBEDTLS_SSL_PROTO_DTLS)
277 #define USAGE_DTLS \
278 " dtls=%%d default: 0 (TLS)\n" \
279 " hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
280 " range of DTLS handshake timeouts in millisecs\n" \
281 " mtu=%%d default: (library default: unlimited)\n" \
282 " dgram_packing=%%d default: 1 (allowed)\n" \
283 " allow or forbid packing of multiple\n" \
284 " records within a single datgram.\n"
285 #else
286 #define USAGE_DTLS ""
287 #endif
288
289 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
290 #define USAGE_EMS \
291 " extended_ms=0/1 default: (library default: on)\n"
292 #else
293 #define USAGE_EMS ""
294 #endif
295
296 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
297 #define USAGE_ETM \
298 " etm=0/1 default: (library default: on)\n"
299 #else
300 #define USAGE_ETM ""
301 #endif
302
303 #define USAGE_REPRODUCIBLE \
304 " reproducible=0/1 default: 0 (disabled)\n"
305
306 #if defined(MBEDTLS_SSL_RENEGOTIATION)
307 #define USAGE_RENEGO \
308 " renegotiation=%%d default: 0 (disabled)\n" \
309 " renegotiate=%%d default: 0 (disabled)\n"
310 #else
311 #define USAGE_RENEGO ""
312 #endif
313
314 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
315 #if defined(MBEDTLS_USE_PSA_CRYPTO)
316 #define USAGE_ECJPAKE \
317 " ecjpake_pw=%%s default: none (disabled)\n" \
318 " ecjpake_pw_opaque=%%d default: 0 (disabled)\n"
319 #else /* MBEDTLS_USE_PSA_CRYPTO */
320 #define USAGE_ECJPAKE \
321 " ecjpake_pw=%%s default: none (disabled)\n"
322 #endif /* MBEDTLS_USE_PSA_CRYPTO */
323 #else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
324 #define USAGE_ECJPAKE ""
325 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
326
327 #if defined(MBEDTLS_ECP_RESTARTABLE)
328 #define USAGE_ECRESTART \
329 " ec_max_ops=%%s default: library default (restart disabled)\n"
330 #else
331 #define USAGE_ECRESTART ""
332 #endif
333
334 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
335 #define USAGE_SERIALIZATION \
336 " serialize=%%d default: 0 (do not serialize/deserialize)\n" \
337 " options: 1 (serialize)\n" \
338 " 2 (serialize with re-initialization)\n" \
339 " context_file=%%s The file path to write a serialized connection\n" \
340 " in the form of base64 code (serialize option\n" \
341 " must be set)\n" \
342 " default: \"\" (do nothing)\n" \
343 " option: a file path\n"
344 #else
345 #define USAGE_SERIALIZATION ""
346 #endif
347
348 #if defined(MBEDTLS_SSL_EARLY_DATA)
349 #define USAGE_EARLY_DATA \
350 " early_data=%%d default: library default\n" \
351 " options: 0 (disabled), 1 (enabled)\n"
352 #else
353 #define USAGE_EARLY_DATA ""
354 #endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */
355
356 #define USAGE_KEY_OPAQUE_ALGS \
357 " key_opaque_algs=%%s Allowed opaque key algorithms.\n" \
358 " comma-separated pair of values among the following:\n" \
359 " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
360 " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
361 " ecdsa-sign, ecdh, none (only acceptable for\n" \
362 " the second value).\n" \
363
364 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
365 #define USAGE_TLS1_3_KEY_EXCHANGE_MODES \
366 " tls13_kex_modes=%%s default: all\n" \
367 " options: psk, psk_ephemeral, psk_all, ephemeral,\n" \
368 " ephemeral_all, all, psk_or_ephemeral\n"
369 #else
370 #define USAGE_TLS1_3_KEY_EXCHANGE_MODES ""
371 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
372
373 /* USAGE is arbitrarily split to stay under the portable string literal
374 * length limit: 4095 bytes in C99. */
375 #define USAGE1 \
376 "\n usage: ssl_client2 param=<>...\n" \
377 "\n acceptable parameters:\n" \
378 " server_name=%%s default: localhost\n" \
379 " server_addr=%%s default: given by name\n" \
380 " server_port=%%d default: 4433\n" \
381 " request_page=%%s default: \".\"\n" \
382 " request_size=%%d default: about 34 (basic request)\n" \
383 " (minimum: 0, max: " MAX_REQUEST_SIZE_STR ")\n" \
384 " If 0, in the first exchange only an empty\n" \
385 " application data message is sent followed by\n" \
386 " a second non-empty message before attempting\n" \
387 " to read a response from the server\n" \
388 " debug_level=%%d default: 0 (disabled)\n" \
389 " build_version=%%d default: none (disabled)\n" \
390 " option: 1 (print build version only and stop)\n" \
391 " nbio=%%d default: 0 (blocking I/O)\n" \
392 " options: 1 (non-blocking), 2 (added delays)\n" \
393 " event=%%d default: 0 (loop)\n" \
394 " options: 1 (level-triggered, implies nbio=1),\n" \
395 " read_timeout=%%d default: 0 ms (no timeout)\n" \
396 " max_resend=%%d default: 0 (no resend on timeout)\n" \
397 " skip_close_notify=%%d default: 0 (send close_notify)\n" \
398 "\n" \
399 USAGE_DTLS \
400 USAGE_CID \
401 USAGE_SRTP \
402 "\n"
403 #define USAGE2 \
404 " auth_mode=%%s default: (library default: none)\n" \
405 " options: none, optional, required\n" \
406 USAGE_IO \
407 USAGE_KEY_OPAQUE \
408 USAGE_CA_CALLBACK \
409 "\n" \
410 USAGE_PSK \
411 USAGE_ECJPAKE \
412 USAGE_ECRESTART \
413 "\n"
414 #define USAGE3 \
415 " allow_legacy=%%d default: (library default: no)\n" \
416 USAGE_RENEGO \
417 " exchanges=%%d default: 1\n" \
418 " reconnect=%%d number of reconnections using session resumption\n" \
419 " default: 0 (disabled)\n" \
420 " reco_server_name=%%s default: NULL\n" \
421 " reco_delay=%%d default: 0 milliseconds\n" \
422 " reco_mode=%%d 0: copy session, 1: serialize session\n" \
423 " default: 1\n" \
424 " reconnect_hard=%%d default: 0 (disabled)\n" \
425 USAGE_TICKETS \
426 USAGE_EAP_TLS \
427 USAGE_MAX_FRAG_LEN \
428 USAGE_CONTEXT_CRT_CB \
429 USAGE_ALPN \
430 USAGE_EMS \
431 USAGE_ETM \
432 USAGE_REPRODUCIBLE \
433 USAGE_GROUPS \
434 USAGE_SIG_ALGS \
435 USAGE_EARLY_DATA \
436 USAGE_DHMLEN \
437 USAGE_KEY_OPAQUE_ALGS \
438 "\n"
439
440 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
441 #define TLS1_3_VERSION_OPTIONS ", tls13"
442 #else /* MBEDTLS_SSL_PROTO_TLS1_3 */
443 #define TLS1_3_VERSION_OPTIONS ""
444 #endif /* !MBEDTLS_SSL_PROTO_TLS1_3 */
445
446 #define USAGE4 \
447 " allow_sha1=%%d default: 0\n" \
448 " min_version=%%s default: (library default: tls12)\n" \
449 " max_version=%%s default: (library default: tls12)\n" \
450 " force_version=%%s default: \"\" (none)\n" \
451 " options: tls12, dtls12" TLS1_3_VERSION_OPTIONS \
452 "\n\n" \
453 " force_ciphersuite=<name> default: all enabled\n" \
454 USAGE_TLS1_3_KEY_EXCHANGE_MODES \
455 " query_config=<name> return 0 if the specified\n" \
456 " configuration macro is defined and 1\n" \
457 " otherwise. The expansion of the macro\n" \
458 " is printed if it is defined\n" \
459 USAGE_SERIALIZATION \
460 "\n"
461
462 /*
463 * global options
464 */
465 struct options {
466 const char *server_name; /* hostname of the server (client only) */
467 const char *server_addr; /* address of the server (client only) */
468 const char *server_port; /* port on which the ssl service runs */
469 int debug_level; /* level of debugging */
470 int nbio; /* should I/O be blocking? */
471 int event; /* loop or event-driven IO? level or edge triggered? */
472 uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */
473 int max_resend; /* DTLS times to resend on read timeout */
474 const char *request_page; /* page on server to request */
475 int request_size; /* pad request with header to requested size */
476 const char *ca_file; /* the file with the CA certificate(s) */
477 const char *ca_path; /* the path with the CA certificate(s) reside */
478 const char *crt_file; /* the file with the client certificate */
479 const char *key_file; /* the file with the client key */
480 int key_opaque; /* handle private key as if it were opaque */
481 #if defined(MBEDTLS_USE_PSA_CRYPTO)
482 int psk_opaque;
483 #endif
484 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
485 int ca_callback; /* Use callback for trusted certificate list */
486 #endif
487 const char *key_pwd; /* the password for the client key */
488 const char *psk; /* the pre-shared key */
489 const char *psk_identity; /* the pre-shared key identity */
490 const char *ecjpake_pw; /* the EC J-PAKE password */
491 #if defined(MBEDTLS_USE_PSA_CRYPTO)
492 int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */
493 #endif
494 int ec_max_ops; /* EC consecutive operations limit */
495 int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
496 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
497 int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */
498 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
499 int renegotiation; /* enable / disable renegotiation */
500 int allow_legacy; /* allow legacy renegotiation */
501 int renegotiate; /* attempt renegotiation? */
502 int renego_delay; /* delay before enforcing renegotiation */
503 int exchanges; /* number of data exchanges */
504 int min_version; /* minimum protocol version accepted */
505 int max_version; /* maximum protocol version accepted */
506 int allow_sha1; /* flag for SHA-1 support */
507 int auth_mode; /* verify mode for connection */
508 unsigned char mfl_code; /* code for maximum fragment length */
509 int trunc_hmac; /* negotiate truncated hmac or not */
510 int recsplit; /* enable record splitting? */
511 int dhmlen; /* minimum DHM params len in bits */
512 int reconnect; /* attempt to resume session */
513 const char *reco_server_name; /* hostname of the server (re-connect) */
514 int reco_delay; /* delay in seconds before resuming session */
515 int reco_mode; /* how to keep the session around */
516 int reconnect_hard; /* unexpectedly reconnect from the same port */
517 int tickets; /* enable / disable session tickets */
518 const char *groups; /* list of supported groups */
519 const char *sig_algs; /* supported TLS 1.3 signature algorithms */
520 const char *alpn_string; /* ALPN supported protocols */
521 int transport; /* TLS or DTLS? */
522 uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
523 uint32_t hs_to_max; /* Max value of DTLS handshake timer */
524 int dtls_mtu; /* UDP Maximum transport unit for DTLS */
525 int fallback; /* is this a fallback connection? */
526 int dgram_packing; /* allow/forbid datagram packing */
527 int extended_ms; /* negotiate extended master secret? */
528 int etm; /* negotiate encrypt then mac? */
529 int context_crt_cb; /* use context-specific CRT verify callback */
530 int eap_tls; /* derive EAP-TLS keying material? */
531 int nss_keylog; /* export NSS key log material */
532 const char *nss_keylog_file; /* NSS key log file */
533 int cid_enabled; /* whether to use the CID extension or not */
534 int cid_enabled_renego; /* whether to use the CID extension or not
535 * during renegotiation */
536 const char *cid_val; /* the CID to use for incoming messages */
537 int serialize; /* serialize/deserialize connection */
538 const char *context_file; /* the file to write a serialized connection
539 * in the form of base64 code (serialize
540 * option must be set) */
541 const char *cid_val_renego; /* the CID to use for incoming messages
542 * after renegotiation */
543 int reproducible; /* make communication reproducible */
544 int skip_close_notify; /* skip sending the close_notify alert */
545 #if defined(MBEDTLS_SSL_EARLY_DATA)
546 int early_data; /* early data enablement flag */
547 #endif
548 int query_config_mode; /* whether to read config */
549 int use_srtp; /* Support SRTP */
550 int force_srtp_profile; /* SRTP protection profile to use or all */
551 const char *mki; /* The dtls mki value to use */
552 const char *key_opaque_alg1; /* Allowed opaque key alg 1 */
553 const char *key_opaque_alg2; /* Allowed Opaque key alg 2 */
554 } opt;
555
556 #include "ssl_test_common_source.c"
557
558 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
559 static unsigned char peer_crt_info[1024];
560
561 /*
562 * Enabled if debug_level > 1 in code below
563 */
my_verify(void * data,mbedtls_x509_crt * crt,int depth,uint32_t * flags)564 static int my_verify(void *data, mbedtls_x509_crt *crt,
565 int depth, uint32_t *flags)
566 {
567 char buf[1024];
568 ((void) data);
569
570 mbedtls_printf("\nVerify requested for (Depth %d):\n", depth);
571
572 #if !defined(MBEDTLS_X509_REMOVE_INFO)
573 mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt);
574 if (depth == 0) {
575 memcpy(peer_crt_info, buf, sizeof(buf));
576 }
577
578 if (opt.debug_level == 0) {
579 return 0;
580 }
581
582 mbedtls_printf("%s", buf);
583 #else
584 ((void) crt);
585 ((void) depth);
586 #endif
587
588 if ((*flags) == 0) {
589 mbedtls_printf(" This certificate has no flags\n");
590 } else {
591 x509_crt_verify_info(buf, sizeof(buf), " ! ", *flags);
592 mbedtls_printf("%s\n", buf);
593 }
594
595 return 0;
596 }
597 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
598
599 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
report_cid_usage(mbedtls_ssl_context * ssl,const char * additional_description)600 int report_cid_usage(mbedtls_ssl_context *ssl,
601 const char *additional_description)
602 {
603 int ret;
604 unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX];
605 size_t peer_cid_len;
606 int cid_negotiated;
607
608 if (opt.transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
609 return 0;
610 }
611
612 /* Check if the use of a CID has been negotiated,
613 * but don't ask for the CID value and length.
614 *
615 * Note: Here and below, we're demonstrating the various ways
616 * in which mbedtls_ssl_get_peer_cid() can be called,
617 * depending on whether or not the length/value of the
618 * peer's CID is needed.
619 *
620 * An actual application, however, should use
621 * just one call to mbedtls_ssl_get_peer_cid(). */
622 ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated,
623 NULL, NULL);
624 if (ret != 0) {
625 mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
626 (unsigned int) -ret);
627 return ret;
628 }
629
630 if (cid_negotiated == MBEDTLS_SSL_CID_DISABLED) {
631 if (opt.cid_enabled == MBEDTLS_SSL_CID_ENABLED) {
632 mbedtls_printf("(%s) Use of Connection ID was rejected by the server.\n",
633 additional_description);
634 }
635 } else {
636 size_t idx = 0;
637 mbedtls_printf("(%s) Use of Connection ID has been negotiated.\n",
638 additional_description);
639
640 /* Ask for just the length of the peer's CID. */
641 ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated,
642 NULL, &peer_cid_len);
643 if (ret != 0) {
644 mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
645 (unsigned int) -ret);
646 return ret;
647 }
648
649 /* Ask for just length + value of the peer's CID. */
650 ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated,
651 peer_cid, &peer_cid_len);
652 if (ret != 0) {
653 mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
654 (unsigned int) -ret);
655 return ret;
656 }
657 mbedtls_printf("(%s) Peer CID (length %u Bytes): ",
658 additional_description,
659 (unsigned) peer_cid_len);
660 while (idx < peer_cid_len) {
661 mbedtls_printf("%02x ", peer_cid[idx]);
662 idx++;
663 }
664 mbedtls_printf("\n");
665 }
666
667 return 0;
668 }
669 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
670
ssl_save_session_serialize(mbedtls_ssl_context * ssl,unsigned char ** session_data,size_t * session_data_len)671 static int ssl_save_session_serialize(mbedtls_ssl_context *ssl,
672 unsigned char **session_data,
673 size_t *session_data_len)
674 {
675 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
676 mbedtls_ssl_session exported_session;
677
678 /* free any previously saved data */
679 if (*session_data != NULL) {
680 mbedtls_platform_zeroize(*session_data, *session_data_len);
681 mbedtls_free(*session_data);
682 *session_data = NULL;
683 *session_data_len = 0;
684 }
685
686 mbedtls_ssl_session_init(&exported_session);
687 ret = mbedtls_ssl_get_session(ssl, &exported_session);
688 if (ret != 0) {
689 mbedtls_printf(
690 "failed\n ! mbedtls_ssl_get_session() returned -%#02x\n",
691 (unsigned) -ret);
692 goto exit;
693 }
694
695 /* get size of the buffer needed */
696 (void) mbedtls_ssl_session_save(&exported_session, NULL, 0, session_data_len);
697 *session_data = mbedtls_calloc(1, *session_data_len);
698 if (*session_data == NULL) {
699 mbedtls_printf(" failed\n ! alloc %u bytes for session data\n",
700 (unsigned) *session_data_len);
701 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
702 goto exit;
703 }
704
705 /* actually save session data */
706 if ((ret = mbedtls_ssl_session_save(&exported_session,
707 *session_data, *session_data_len,
708 session_data_len)) != 0) {
709 mbedtls_printf(" failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n",
710 (unsigned int) -ret);
711 goto exit;
712 }
713
714 exit:
715 mbedtls_ssl_session_free(&exported_session);
716 return ret;
717 }
718
719 /*
720 * Build HTTP request
721 */
build_http_request(unsigned char * buf,size_t buf_size,size_t * request_len)722 static int build_http_request(unsigned char *buf, size_t buf_size, size_t *request_len)
723 {
724 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
725 size_t len, tail_len, request_size;
726
727 ret = mbedtls_snprintf((char *) buf, buf_size, GET_REQUEST, opt.request_page);
728 if (ret < 0) {
729 return ret;
730 }
731
732 len = (size_t) ret;
733 tail_len = strlen(GET_REQUEST_END);
734 if (opt.request_size != DFL_REQUEST_SIZE) {
735 request_size = (size_t) opt.request_size;
736 } else {
737 request_size = len + tail_len;
738 }
739
740 if (request_size > buf_size) {
741 return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
742 }
743
744 /* Add padding to GET request to reach opt.request_size in length */
745 if (opt.request_size != DFL_REQUEST_SIZE &&
746 len + tail_len < request_size) {
747 memset(buf + len, 'A', request_size - len - tail_len);
748 len = request_size - tail_len;
749 }
750
751 strncpy((char *) buf + len, GET_REQUEST_END, buf_size - len);
752 len += tail_len;
753
754 /* Truncate if request size is smaller than the "natural" size */
755 if (opt.request_size != DFL_REQUEST_SIZE &&
756 len > request_size) {
757 len = request_size;
758
759 /* Still end with \r\n unless that's really not possible */
760 if (len >= 2) {
761 buf[len - 2] = '\r';
762 }
763 if (len >= 1) {
764 buf[len - 1] = '\n';
765 }
766 }
767
768 *request_len = len;
769
770 return 0;
771 }
772
main(int argc,char * argv[])773 int main(int argc, char *argv[])
774 {
775 int ret = 0, i;
776 size_t len, written, frags, retry_left;
777 int query_config_ret = 0;
778 mbedtls_net_context server_fd;
779 io_ctx_t io_ctx;
780
781 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
782 uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
783 #endif
784
785 unsigned char buf[MAX_REQUEST_SIZE + 1];
786
787 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
788 unsigned char psk[MBEDTLS_PSK_MAX_LEN];
789 size_t psk_len = 0;
790 #endif
791
792 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
793 unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
794 unsigned char cid_renego[MBEDTLS_SSL_CID_IN_LEN_MAX];
795 size_t cid_len = 0;
796 size_t cid_renego_len = 0;
797 #endif
798
799 #if defined(MBEDTLS_SSL_ALPN)
800 const char *alpn_list[ALPN_LIST_SIZE];
801 #endif
802
803 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
804 unsigned char alloc_buf[MEMORY_HEAP_SIZE];
805 #endif
806 uint16_t group_list[GROUP_LIST_SIZE];
807 #if defined(MBEDTLS_SSL_DTLS_SRTP)
808 unsigned char mki[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
809 size_t mki_len = 0;
810 #endif
811
812 const char *pers = "ssl_client2";
813
814 #if defined(MBEDTLS_USE_PSA_CRYPTO)
815 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
816 mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT;
817 psa_algorithm_t alg = 0;
818 psa_key_attributes_t key_attributes;
819 #endif
820 psa_status_t status;
821 #elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
822 psa_status_t status;
823 #endif
824
825 rng_context_t rng;
826 mbedtls_ssl_context ssl;
827 mbedtls_ssl_config conf;
828 mbedtls_ssl_session saved_session;
829 unsigned char *session_data = NULL;
830 size_t session_data_len = 0;
831 #if defined(MBEDTLS_TIMING_C)
832 mbedtls_timing_delay_context timer;
833 #endif
834 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
835 uint32_t flags;
836 mbedtls_x509_crt cacert;
837 mbedtls_x509_crt clicert;
838 mbedtls_pk_context pkey;
839 mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
840 #if defined(MBEDTLS_USE_PSA_CRYPTO)
841 mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
842 #endif
843 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
844 char *p, *q;
845 const int *list;
846 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
847 unsigned char *context_buf = NULL;
848 size_t context_buf_len;
849 #endif
850 unsigned char eap_tls_keymaterial[16];
851 unsigned char eap_tls_iv[8];
852 const char *eap_tls_label = "client EAP encryption";
853 eap_tls_keys eap_tls_keying;
854 #if defined(MBEDTLS_SSL_DTLS_SRTP)
855 /*! master keys and master salt for SRTP generated during handshake */
856 unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
857 const char *dtls_srtp_label = "EXTRACTOR-dtls_srtp";
858 dtls_srtp_keys dtls_srtp_keying;
859 const mbedtls_ssl_srtp_profile default_profiles[] = {
860 MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80,
861 MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32,
862 MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80,
863 MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32,
864 MBEDTLS_TLS_SRTP_UNSET
865 };
866 #endif /* MBEDTLS_SSL_DTLS_SRTP */
867 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
868 defined(MBEDTLS_USE_PSA_CRYPTO)
869 mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */
870 #endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
871
872 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
873 mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
874 #endif
875
876 #if defined(MBEDTLS_TEST_HOOKS)
877 test_hooks_init();
878 #endif /* MBEDTLS_TEST_HOOKS */
879
880 /*
881 * Make sure memory references are valid.
882 */
883 mbedtls_net_init(&server_fd);
884 mbedtls_ssl_init(&ssl);
885 mbedtls_ssl_config_init(&conf);
886 mbedtls_ssl_session_init(&saved_session);
887 rng_init(&rng);
888 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
889 mbedtls_x509_crt_init(&cacert);
890 mbedtls_x509_crt_init(&clicert);
891 mbedtls_pk_init(&pkey);
892 #endif
893 #if defined(MBEDTLS_SSL_ALPN)
894 memset((void *) alpn_list, 0, sizeof(alpn_list));
895 #endif
896
897 #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
898 status = psa_crypto_init();
899 if (status != PSA_SUCCESS) {
900 mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
901 (int) status);
902 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
903 goto exit;
904 }
905 #endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
906 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
907 mbedtls_test_enable_insecure_external_rng();
908 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
909
910 opt.server_name = DFL_SERVER_NAME;
911 opt.server_addr = DFL_SERVER_ADDR;
912 opt.server_port = DFL_SERVER_PORT;
913 opt.debug_level = DFL_DEBUG_LEVEL;
914 opt.cid_enabled = DFL_CID_ENABLED;
915 opt.cid_val = DFL_CID_VALUE;
916 opt.cid_enabled_renego = DFL_CID_ENABLED_RENEGO;
917 opt.cid_val_renego = DFL_CID_VALUE_RENEGO;
918 opt.nbio = DFL_NBIO;
919 opt.event = DFL_EVENT;
920 opt.context_crt_cb = DFL_CONTEXT_CRT_CB;
921 opt.read_timeout = DFL_READ_TIMEOUT;
922 opt.max_resend = DFL_MAX_RESEND;
923 opt.request_page = DFL_REQUEST_PAGE;
924 opt.request_size = DFL_REQUEST_SIZE;
925 opt.ca_file = DFL_CA_FILE;
926 opt.ca_path = DFL_CA_PATH;
927 opt.crt_file = DFL_CRT_FILE;
928 opt.key_file = DFL_KEY_FILE;
929 opt.key_opaque = DFL_KEY_OPAQUE;
930 opt.key_pwd = DFL_KEY_PWD;
931 opt.psk = DFL_PSK;
932 #if defined(MBEDTLS_USE_PSA_CRYPTO)
933 opt.psk_opaque = DFL_PSK_OPAQUE;
934 #endif
935 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
936 opt.ca_callback = DFL_CA_CALLBACK;
937 #endif
938 opt.psk_identity = DFL_PSK_IDENTITY;
939 opt.ecjpake_pw = DFL_ECJPAKE_PW;
940 #if defined(MBEDTLS_USE_PSA_CRYPTO)
941 opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE;
942 #endif
943 opt.ec_max_ops = DFL_EC_MAX_OPS;
944 opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
945 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
946 opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES;
947 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
948 opt.renegotiation = DFL_RENEGOTIATION;
949 opt.allow_legacy = DFL_ALLOW_LEGACY;
950 opt.renegotiate = DFL_RENEGOTIATE;
951 opt.exchanges = DFL_EXCHANGES;
952 opt.min_version = DFL_MIN_VERSION;
953 opt.max_version = DFL_MAX_VERSION;
954 opt.allow_sha1 = DFL_SHA1;
955 opt.auth_mode = DFL_AUTH_MODE;
956 opt.mfl_code = DFL_MFL_CODE;
957 opt.trunc_hmac = DFL_TRUNC_HMAC;
958 opt.recsplit = DFL_RECSPLIT;
959 opt.dhmlen = DFL_DHMLEN;
960 opt.reconnect = DFL_RECONNECT;
961 opt.reco_server_name = DFL_RECO_SERVER_NAME;
962 opt.reco_delay = DFL_RECO_DELAY;
963 opt.reco_mode = DFL_RECO_MODE;
964 opt.reconnect_hard = DFL_RECONNECT_HARD;
965 opt.tickets = DFL_TICKETS;
966 opt.alpn_string = DFL_ALPN_STRING;
967 opt.groups = DFL_GROUPS;
968 opt.sig_algs = DFL_SIG_ALGS;
969 #if defined(MBEDTLS_SSL_EARLY_DATA)
970 opt.early_data = DFL_EARLY_DATA;
971 #endif
972 opt.transport = DFL_TRANSPORT;
973 opt.hs_to_min = DFL_HS_TO_MIN;
974 opt.hs_to_max = DFL_HS_TO_MAX;
975 opt.dtls_mtu = DFL_DTLS_MTU;
976 opt.fallback = DFL_FALLBACK;
977 opt.extended_ms = DFL_EXTENDED_MS;
978 opt.etm = DFL_ETM;
979 opt.dgram_packing = DFL_DGRAM_PACKING;
980 opt.serialize = DFL_SERIALIZE;
981 opt.context_file = DFL_CONTEXT_FILE;
982 opt.eap_tls = DFL_EAP_TLS;
983 opt.reproducible = DFL_REPRODUCIBLE;
984 opt.nss_keylog = DFL_NSS_KEYLOG;
985 opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE;
986 opt.skip_close_notify = DFL_SKIP_CLOSE_NOTIFY;
987 opt.query_config_mode = DFL_QUERY_CONFIG_MODE;
988 opt.use_srtp = DFL_USE_SRTP;
989 opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
990 opt.mki = DFL_SRTP_MKI;
991 opt.key_opaque_alg1 = DFL_KEY_OPAQUE_ALG;
992 opt.key_opaque_alg2 = DFL_KEY_OPAQUE_ALG;
993
994 p = q = NULL;
995 if (argc < 1) {
996 usage:
997 if (p != NULL && q != NULL) {
998 printf("unrecognized value for '%s': '%s'\n", p, q);
999 } else if (p != NULL && q == NULL) {
1000 printf("unrecognized param: '%s'\n", p);
1001 }
1002
1003 mbedtls_printf("usage: ssl_client2 [param=value] [...]\n");
1004 mbedtls_printf(" ssl_client2 help[_theme]\n");
1005 mbedtls_printf("'help' lists acceptable 'param' and 'value'\n");
1006 mbedtls_printf("'help_ciphersuites' lists available ciphersuites\n");
1007 mbedtls_printf("\n");
1008
1009 if (ret == 0) {
1010 ret = 1;
1011 }
1012 goto exit;
1013 }
1014
1015 for (i = 1; i < argc; i++) {
1016 p = argv[i];
1017
1018 if (strcmp(p, "help") == 0) {
1019 mbedtls_printf(USAGE1);
1020 mbedtls_printf(USAGE2);
1021 mbedtls_printf(USAGE3);
1022 mbedtls_printf(USAGE4);
1023
1024 ret = 0;
1025 goto exit;
1026 }
1027 if (strcmp(p, "help_ciphersuites") == 0) {
1028 mbedtls_printf(" acceptable ciphersuite names:\n");
1029 for (list = mbedtls_ssl_list_ciphersuites();
1030 *list != 0;
1031 list++) {
1032 mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
1033 }
1034
1035 ret = 0;
1036 goto exit;
1037 }
1038
1039 if ((q = strchr(p, '=')) == NULL) {
1040 mbedtls_printf("param requires a value: '%s'\n", p);
1041 p = NULL; // avoid "unrecnognized param" message
1042 goto usage;
1043 }
1044 *q++ = '\0';
1045
1046 if (strcmp(p, "server_name") == 0) {
1047 opt.server_name = q;
1048 } else if (strcmp(p, "server_addr") == 0) {
1049 opt.server_addr = q;
1050 } else if (strcmp(p, "server_port") == 0) {
1051 opt.server_port = q;
1052 } else if (strcmp(p, "dtls") == 0) {
1053 int t = atoi(q);
1054 if (t == 0) {
1055 opt.transport = MBEDTLS_SSL_TRANSPORT_STREAM;
1056 } else if (t == 1) {
1057 opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
1058 } else {
1059 goto usage;
1060 }
1061 } else if (strcmp(p, "debug_level") == 0) {
1062 opt.debug_level = atoi(q);
1063 if (opt.debug_level < 0 || opt.debug_level > 65535) {
1064 goto usage;
1065 }
1066 } else if (strcmp(p, "build_version") == 0) {
1067 if (strcmp(q, "1") == 0) {
1068 mbedtls_printf("build version: %s (build %d)\n",
1069 MBEDTLS_VERSION_STRING_FULL,
1070 MBEDTLS_VERSION_NUMBER);
1071 goto exit;
1072 }
1073 } else if (strcmp(p, "context_crt_cb") == 0) {
1074 opt.context_crt_cb = atoi(q);
1075 if (opt.context_crt_cb != 0 && opt.context_crt_cb != 1) {
1076 goto usage;
1077 }
1078 } else if (strcmp(p, "nbio") == 0) {
1079 opt.nbio = atoi(q);
1080 if (opt.nbio < 0 || opt.nbio > 2) {
1081 goto usage;
1082 }
1083 } else if (strcmp(p, "event") == 0) {
1084 opt.event = atoi(q);
1085 if (opt.event < 0 || opt.event > 2) {
1086 goto usage;
1087 }
1088 } else if (strcmp(p, "read_timeout") == 0) {
1089 opt.read_timeout = atoi(q);
1090 } else if (strcmp(p, "max_resend") == 0) {
1091 opt.max_resend = atoi(q);
1092 if (opt.max_resend < 0) {
1093 goto usage;
1094 }
1095 } else if (strcmp(p, "request_page") == 0) {
1096 opt.request_page = q;
1097 } else if (strcmp(p, "request_size") == 0) {
1098 opt.request_size = atoi(q);
1099 if (opt.request_size < 0 ||
1100 opt.request_size > MAX_REQUEST_SIZE) {
1101 goto usage;
1102 }
1103 } else if (strcmp(p, "ca_file") == 0) {
1104 opt.ca_file = q;
1105 } else if (strcmp(p, "ca_path") == 0) {
1106 opt.ca_path = q;
1107 } else if (strcmp(p, "crt_file") == 0) {
1108 opt.crt_file = q;
1109 } else if (strcmp(p, "key_file") == 0) {
1110 opt.key_file = q;
1111 } else if (strcmp(p, "key_pwd") == 0) {
1112 opt.key_pwd = q;
1113 }
1114 #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
1115 else if (strcmp(p, "key_opaque") == 0) {
1116 opt.key_opaque = atoi(q);
1117 }
1118 #endif
1119 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1120 else if (strcmp(p, "cid") == 0) {
1121 opt.cid_enabled = atoi(q);
1122 if (opt.cid_enabled != 0 && opt.cid_enabled != 1) {
1123 goto usage;
1124 }
1125 } else if (strcmp(p, "cid_renego") == 0) {
1126 opt.cid_enabled_renego = atoi(q);
1127 if (opt.cid_enabled_renego != 0 && opt.cid_enabled_renego != 1) {
1128 goto usage;
1129 }
1130 } else if (strcmp(p, "cid_val") == 0) {
1131 opt.cid_val = q;
1132 } else if (strcmp(p, "cid_val_renego") == 0) {
1133 opt.cid_val_renego = q;
1134 }
1135 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1136 else if (strcmp(p, "psk") == 0) {
1137 opt.psk = q;
1138 }
1139 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1140 else if (strcmp(p, "psk_opaque") == 0) {
1141 opt.psk_opaque = atoi(q);
1142 }
1143 #endif
1144 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
1145 else if (strcmp(p, "ca_callback") == 0) {
1146 opt.ca_callback = atoi(q);
1147 }
1148 #endif
1149 else if (strcmp(p, "psk_identity") == 0) {
1150 opt.psk_identity = q;
1151 } else if (strcmp(p, "ecjpake_pw") == 0) {
1152 opt.ecjpake_pw = q;
1153 }
1154 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1155 else if (strcmp(p, "ecjpake_pw_opaque") == 0) {
1156 opt.ecjpake_pw_opaque = atoi(q);
1157 }
1158 #endif
1159 else if (strcmp(p, "ec_max_ops") == 0) {
1160 opt.ec_max_ops = atoi(q);
1161 } else if (strcmp(p, "force_ciphersuite") == 0) {
1162 opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q);
1163
1164 if (opt.force_ciphersuite[0] == 0) {
1165 ret = 2;
1166 goto usage;
1167 }
1168 opt.force_ciphersuite[1] = 0;
1169 } else if (strcmp(p, "renegotiation") == 0) {
1170 opt.renegotiation = (atoi(q)) ?
1171 MBEDTLS_SSL_RENEGOTIATION_ENABLED :
1172 MBEDTLS_SSL_RENEGOTIATION_DISABLED;
1173 } else if (strcmp(p, "allow_legacy") == 0) {
1174 switch (atoi(q)) {
1175 case -1:
1176 opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE;
1177 break;
1178 case 0:
1179 opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
1180 break;
1181 case 1:
1182 opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION;
1183 break;
1184 default: goto usage;
1185 }
1186 } else if (strcmp(p, "renegotiate") == 0) {
1187 opt.renegotiate = atoi(q);
1188 if (opt.renegotiate < 0 || opt.renegotiate > 1) {
1189 goto usage;
1190 }
1191 } else if (strcmp(p, "exchanges") == 0) {
1192 opt.exchanges = atoi(q);
1193 if (opt.exchanges < 1) {
1194 goto usage;
1195 }
1196 } else if (strcmp(p, "reconnect") == 0) {
1197 opt.reconnect = atoi(q);
1198 if (opt.reconnect < 0 || opt.reconnect > 2) {
1199 goto usage;
1200 }
1201 } else if (strcmp(p, "reco_server_name") == 0) {
1202 opt.reco_server_name = q;
1203 } else if (strcmp(p, "reco_delay") == 0) {
1204 opt.reco_delay = atoi(q);
1205 if (opt.reco_delay < 0) {
1206 goto usage;
1207 }
1208 } else if (strcmp(p, "reco_mode") == 0) {
1209 opt.reco_mode = atoi(q);
1210 if (opt.reco_mode < 0) {
1211 goto usage;
1212 }
1213 } else if (strcmp(p, "reconnect_hard") == 0) {
1214 opt.reconnect_hard = atoi(q);
1215 if (opt.reconnect_hard < 0 || opt.reconnect_hard > 1) {
1216 goto usage;
1217 }
1218 } else if (strcmp(p, "tickets") == 0) {
1219 opt.tickets = atoi(q);
1220 if (opt.tickets < 0) {
1221 goto usage;
1222 }
1223 } else if (strcmp(p, "alpn") == 0) {
1224 opt.alpn_string = q;
1225 } else if (strcmp(p, "extended_ms") == 0) {
1226 switch (atoi(q)) {
1227 case 0:
1228 opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED;
1229 break;
1230 case 1:
1231 opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
1232 break;
1233 default: goto usage;
1234 }
1235 } else if (strcmp(p, "groups") == 0) {
1236 opt.groups = q;
1237 }
1238 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
1239 else if (strcmp(p, "sig_algs") == 0) {
1240 opt.sig_algs = q;
1241 }
1242 #endif
1243 else if (strcmp(p, "etm") == 0) {
1244 switch (atoi(q)) {
1245 case 0: opt.etm = MBEDTLS_SSL_ETM_DISABLED; break;
1246 case 1: opt.etm = MBEDTLS_SSL_ETM_ENABLED; break;
1247 default: goto usage;
1248 }
1249 }
1250
1251 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1252 #if defined(MBEDTLS_SSL_EARLY_DATA)
1253 else if (strcmp(p, "early_data") == 0) {
1254 switch (atoi(q)) {
1255 case 0:
1256 opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
1257 break;
1258 case 1:
1259 opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
1260 break;
1261 default: goto usage;
1262 }
1263 }
1264 #endif /* MBEDTLS_SSL_EARLY_DATA */
1265
1266 else if (strcmp(p, "tls13_kex_modes") == 0) {
1267 if (strcmp(q, "psk") == 0) {
1268 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
1269 } else if (strcmp(q, "psk_ephemeral") == 0) {
1270 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
1271 } else if (strcmp(q, "ephemeral") == 0) {
1272 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
1273 } else if (strcmp(q, "ephemeral_all") == 0) {
1274 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL;
1275 } else if (strcmp(q, "psk_all") == 0) {
1276 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
1277 } else if (strcmp(q, "all") == 0) {
1278 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
1279 } else if (strcmp(q, "psk_or_ephemeral") == 0) {
1280 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK |
1281 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
1282 } else {
1283 goto usage;
1284 }
1285 }
1286 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
1287 else if (strcmp(p, "min_version") == 0) {
1288 if (strcmp(q, "tls12") == 0 ||
1289 strcmp(q, "dtls12") == 0) {
1290 opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
1291 }
1292 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1293 else if (strcmp(q, "tls13") == 0) {
1294 opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
1295 }
1296 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
1297 else {
1298 goto usage;
1299 }
1300 } else if (strcmp(p, "max_version") == 0) {
1301 if (strcmp(q, "tls12") == 0 ||
1302 strcmp(q, "dtls12") == 0) {
1303 opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
1304 }
1305 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1306 else if (strcmp(q, "tls13") == 0) {
1307 opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
1308 }
1309 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
1310 else {
1311 goto usage;
1312 }
1313 } else if (strcmp(p, "allow_sha1") == 0) {
1314 switch (atoi(q)) {
1315 case 0: opt.allow_sha1 = 0; break;
1316 case 1: opt.allow_sha1 = 1; break;
1317 default: goto usage;
1318 }
1319 } else if (strcmp(p, "force_version") == 0) {
1320 if (strcmp(q, "tls12") == 0) {
1321 opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
1322 opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
1323 } else if (strcmp(q, "dtls12") == 0) {
1324 opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
1325 opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
1326 opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
1327 }
1328 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1329 else if (strcmp(q, "tls13") == 0) {
1330 opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
1331 opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
1332 }
1333 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
1334 else {
1335 goto usage;
1336 }
1337 } else if (strcmp(p, "auth_mode") == 0) {
1338 if (strcmp(q, "none") == 0) {
1339 opt.auth_mode = MBEDTLS_SSL_VERIFY_NONE;
1340 } else if (strcmp(q, "optional") == 0) {
1341 opt.auth_mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
1342 } else if (strcmp(q, "required") == 0) {
1343 opt.auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
1344 } else {
1345 goto usage;
1346 }
1347 } else if (strcmp(p, "max_frag_len") == 0) {
1348 if (strcmp(q, "512") == 0) {
1349 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512;
1350 } else if (strcmp(q, "1024") == 0) {
1351 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_1024;
1352 } else if (strcmp(q, "2048") == 0) {
1353 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_2048;
1354 } else if (strcmp(q, "4096") == 0) {
1355 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_4096;
1356 } else {
1357 goto usage;
1358 }
1359 } else if (strcmp(p, "trunc_hmac") == 0) {
1360 switch (atoi(q)) {
1361 case 0: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_DISABLED; break;
1362 case 1: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; break;
1363 default: goto usage;
1364 }
1365 } else if (strcmp(p, "hs_timeout") == 0) {
1366 if ((p = strchr(q, '-')) == NULL) {
1367 goto usage;
1368 }
1369 *p++ = '\0';
1370 opt.hs_to_min = atoi(q);
1371 opt.hs_to_max = atoi(p);
1372 if (opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min) {
1373 goto usage;
1374 }
1375 } else if (strcmp(p, "mtu") == 0) {
1376 opt.dtls_mtu = atoi(q);
1377 if (opt.dtls_mtu < 0) {
1378 goto usage;
1379 }
1380 } else if (strcmp(p, "dgram_packing") == 0) {
1381 opt.dgram_packing = atoi(q);
1382 if (opt.dgram_packing != 0 &&
1383 opt.dgram_packing != 1) {
1384 goto usage;
1385 }
1386 } else if (strcmp(p, "recsplit") == 0) {
1387 opt.recsplit = atoi(q);
1388 if (opt.recsplit < 0 || opt.recsplit > 1) {
1389 goto usage;
1390 }
1391 } else if (strcmp(p, "dhmlen") == 0) {
1392 opt.dhmlen = atoi(q);
1393 if (opt.dhmlen < 0) {
1394 goto usage;
1395 }
1396 } else if (strcmp(p, "query_config") == 0) {
1397 opt.query_config_mode = 1;
1398 query_config_ret = query_config(q);
1399 goto exit;
1400 } else if (strcmp(p, "serialize") == 0) {
1401 opt.serialize = atoi(q);
1402 if (opt.serialize < 0 || opt.serialize > 2) {
1403 goto usage;
1404 }
1405 } else if (strcmp(p, "context_file") == 0) {
1406 opt.context_file = q;
1407 } else if (strcmp(p, "eap_tls") == 0) {
1408 opt.eap_tls = atoi(q);
1409 if (opt.eap_tls < 0 || opt.eap_tls > 1) {
1410 goto usage;
1411 }
1412 } else if (strcmp(p, "reproducible") == 0) {
1413 opt.reproducible = 1;
1414 } else if (strcmp(p, "nss_keylog") == 0) {
1415 opt.nss_keylog = atoi(q);
1416 if (opt.nss_keylog < 0 || opt.nss_keylog > 1) {
1417 goto usage;
1418 }
1419 } else if (strcmp(p, "nss_keylog_file") == 0) {
1420 opt.nss_keylog_file = q;
1421 } else if (strcmp(p, "skip_close_notify") == 0) {
1422 opt.skip_close_notify = atoi(q);
1423 if (opt.skip_close_notify < 0 || opt.skip_close_notify > 1) {
1424 goto usage;
1425 }
1426 } else if (strcmp(p, "use_srtp") == 0) {
1427 opt.use_srtp = atoi(q);
1428 } else if (strcmp(p, "srtp_force_profile") == 0) {
1429 opt.force_srtp_profile = atoi(q);
1430 } else if (strcmp(p, "mki") == 0) {
1431 opt.mki = q;
1432 } else if (strcmp(p, "key_opaque_algs") == 0) {
1433 if (key_opaque_alg_parse(q, &opt.key_opaque_alg1,
1434 &opt.key_opaque_alg2) != 0) {
1435 goto usage;
1436 }
1437 } else {
1438 /* This signals that the problem is with p not q */
1439 q = NULL;
1440 goto usage;
1441 }
1442 }
1443 /* This signals that any further errors are not with a single option */
1444 p = q = NULL;
1445
1446 if (opt.nss_keylog != 0 && opt.eap_tls != 0) {
1447 mbedtls_printf("Error: eap_tls and nss_keylog options cannot be used together.\n");
1448 goto usage;
1449 }
1450
1451 /* Event-driven IO is incompatible with the above custom
1452 * receive and send functions, as the polling builds on
1453 * refers to the underlying net_context. */
1454 if (opt.event == 1 && opt.nbio != 1) {
1455 mbedtls_printf("Warning: event-driven IO mandates nbio=1 - overwrite\n");
1456 opt.nbio = 1;
1457 }
1458
1459 #if defined(MBEDTLS_DEBUG_C)
1460 mbedtls_debug_set_threshold(opt.debug_level);
1461 #endif
1462
1463 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
1464 /*
1465 * Unhexify the pre-shared key if any is given
1466 */
1467 if (strlen(opt.psk)) {
1468 if (mbedtls_test_unhexify(psk, sizeof(psk),
1469 opt.psk, &psk_len) != 0) {
1470 mbedtls_printf("pre-shared key not valid\n");
1471 goto exit;
1472 }
1473 }
1474 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
1475
1476 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1477 if (opt.psk_opaque != 0) {
1478 if (opt.psk == NULL) {
1479 mbedtls_printf("psk_opaque set but no psk to be imported specified.\n");
1480 ret = 2;
1481 goto usage;
1482 }
1483
1484 if (opt.force_ciphersuite[0] <= 0) {
1485 mbedtls_printf(
1486 "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n");
1487 ret = 2;
1488 goto usage;
1489 }
1490 }
1491 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1492
1493 if (opt.force_ciphersuite[0] > 0) {
1494 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
1495 ciphersuite_info =
1496 mbedtls_ssl_ciphersuite_from_id(opt.force_ciphersuite[0]);
1497
1498 if (opt.max_version != -1 &&
1499 ciphersuite_info->min_tls_version > opt.max_version) {
1500 mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
1501 ret = 2;
1502 goto usage;
1503 }
1504 if (opt.min_version != -1 &&
1505 ciphersuite_info->max_tls_version < opt.min_version) {
1506 mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
1507 ret = 2;
1508 goto usage;
1509 }
1510
1511 /* If the server selects a version that's not supported by
1512 * this suite, then there will be no common ciphersuite... */
1513 if (opt.max_version == -1 ||
1514 opt.max_version > ciphersuite_info->max_tls_version) {
1515 opt.max_version = ciphersuite_info->max_tls_version;
1516 }
1517 if (opt.min_version < ciphersuite_info->min_tls_version) {
1518 opt.min_version = ciphersuite_info->min_tls_version;
1519 /* DTLS starts with TLS 1.2 */
1520 if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
1521 opt.min_version < MBEDTLS_SSL_VERSION_TLS1_2) {
1522 opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
1523 }
1524 }
1525
1526 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1527 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
1528 if (opt.psk_opaque != 0) {
1529 /* Determine KDF algorithm the opaque PSK will be used in. */
1530 #if defined(MBEDTLS_MD_CAN_SHA384)
1531 if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
1532 alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
1533 } else
1534 #endif /* MBEDTLS_MD_CAN_SHA384 */
1535 alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
1536 }
1537 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
1538 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1539 }
1540
1541 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1542 if (mbedtls_test_unhexify(cid, sizeof(cid),
1543 opt.cid_val, &cid_len) != 0) {
1544 mbedtls_printf("CID not valid\n");
1545 goto exit;
1546 }
1547
1548 /* Keep CID settings for renegotiation unless
1549 * specified otherwise. */
1550 if (opt.cid_enabled_renego == DFL_CID_ENABLED_RENEGO) {
1551 opt.cid_enabled_renego = opt.cid_enabled;
1552 }
1553 if (opt.cid_val_renego == DFL_CID_VALUE_RENEGO) {
1554 opt.cid_val_renego = opt.cid_val;
1555 }
1556
1557 if (mbedtls_test_unhexify(cid_renego, sizeof(cid_renego),
1558 opt.cid_val_renego, &cid_renego_len) != 0) {
1559 mbedtls_printf("CID not valid\n");
1560 goto exit;
1561 }
1562 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1563
1564 if (opt.groups != NULL) {
1565 if (parse_groups(opt.groups, group_list, GROUP_LIST_SIZE) != 0) {
1566 goto exit;
1567 }
1568 }
1569
1570 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
1571 if (opt.sig_algs != NULL) {
1572 p = (char *) opt.sig_algs;
1573 i = 0;
1574
1575 /* Leave room for a final MBEDTLS_TLS1_3_SIG_NONE in signature algorithm list (sig_alg_list). */
1576 while (i < SIG_ALG_LIST_SIZE - 1 && *p != '\0') {
1577 q = p;
1578
1579 /* Terminate the current string */
1580 while (*p != ',' && *p != '\0') {
1581 p++;
1582 }
1583 if (*p == ',') {
1584 *p++ = '\0';
1585 }
1586
1587 if (strcmp(q, "rsa_pkcs1_sha256") == 0) {
1588 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256;
1589 } else if (strcmp(q, "rsa_pkcs1_sha384") == 0) {
1590 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384;
1591 } else if (strcmp(q, "rsa_pkcs1_sha512") == 0) {
1592 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512;
1593 } else if (strcmp(q, "ecdsa_secp256r1_sha256") == 0) {
1594 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256;
1595 } else if (strcmp(q, "ecdsa_secp384r1_sha384") == 0) {
1596 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384;
1597 } else if (strcmp(q, "ecdsa_secp521r1_sha512") == 0) {
1598 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512;
1599 } else if (strcmp(q, "rsa_pss_rsae_sha256") == 0) {
1600 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256;
1601 } else if (strcmp(q, "rsa_pss_rsae_sha384") == 0) {
1602 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384;
1603 } else if (strcmp(q, "rsa_pss_rsae_sha512") == 0) {
1604 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512;
1605 } else if (strcmp(q, "ed25519") == 0) {
1606 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED25519;
1607 } else if (strcmp(q, "ed448") == 0) {
1608 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED448;
1609 } else if (strcmp(q, "rsa_pss_pss_sha256") == 0) {
1610 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256;
1611 } else if (strcmp(q, "rsa_pss_pss_sha384") == 0) {
1612 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384;
1613 } else if (strcmp(q, "rsa_pss_pss_sha512") == 0) {
1614 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512;
1615 } else if (strcmp(q, "rsa_pkcs1_sha1") == 0) {
1616 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1;
1617 } else if (strcmp(q, "ecdsa_sha1") == 0) {
1618 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SHA1;
1619 } else {
1620 ret = -1;
1621 mbedtls_printf("unknown signature algorithm \"%s\"\n", q);
1622 mbedtls_print_supported_sig_algs();
1623 goto exit;
1624 }
1625 }
1626
1627 if (i == (SIG_ALG_LIST_SIZE - 1) && *p != '\0') {
1628 mbedtls_printf("signature algorithm list too long, maximum %d",
1629 SIG_ALG_LIST_SIZE - 1);
1630 goto exit;
1631 }
1632
1633 sig_alg_list[i] = MBEDTLS_TLS1_3_SIG_NONE;
1634 }
1635 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
1636
1637 #if defined(MBEDTLS_SSL_ALPN)
1638 if (opt.alpn_string != NULL) {
1639 p = (char *) opt.alpn_string;
1640 i = 0;
1641
1642 /* Leave room for a final NULL in alpn_list */
1643 while (i < ALPN_LIST_SIZE - 1 && *p != '\0') {
1644 alpn_list[i++] = p;
1645
1646 /* Terminate the current string and move on to next one */
1647 while (*p != ',' && *p != '\0') {
1648 p++;
1649 }
1650 if (*p == ',') {
1651 *p++ = '\0';
1652 }
1653 }
1654 }
1655 #endif /* MBEDTLS_SSL_ALPN */
1656
1657 mbedtls_printf("build version: %s (build %d)\n",
1658 MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER);
1659
1660 /*
1661 * 0. Initialize the RNG and the session data
1662 */
1663 mbedtls_printf("\n . Seeding the random number generator...");
1664 fflush(stdout);
1665
1666 ret = rng_seed(&rng, opt.reproducible, pers);
1667 if (ret != 0) {
1668 goto exit;
1669 }
1670 mbedtls_printf(" ok\n");
1671
1672 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
1673 /*
1674 * 1.1. Load the trusted CA
1675 */
1676 mbedtls_printf(" . Loading the CA root certificate ...");
1677 fflush(stdout);
1678
1679 if (strcmp(opt.ca_path, "none") == 0 ||
1680 strcmp(opt.ca_file, "none") == 0) {
1681 ret = 0;
1682 } else
1683 #if defined(MBEDTLS_FS_IO)
1684 if (strlen(opt.ca_path)) {
1685 ret = mbedtls_x509_crt_parse_path(&cacert, opt.ca_path);
1686 } else if (strlen(opt.ca_file)) {
1687 ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file);
1688 } else
1689 #endif
1690 {
1691 #if defined(MBEDTLS_PEM_PARSE_C)
1692 for (i = 0; mbedtls_test_cas[i] != NULL; i++) {
1693 ret = mbedtls_x509_crt_parse(&cacert,
1694 (const unsigned char *) mbedtls_test_cas[i],
1695 mbedtls_test_cas_len[i]);
1696 if (ret != 0) {
1697 break;
1698 }
1699 }
1700 #endif /* MBEDTLS_PEM_PARSE_C */
1701 if (ret == 0) {
1702 for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) {
1703 ret = mbedtls_x509_crt_parse_der(&cacert,
1704 (const unsigned char *) mbedtls_test_cas_der[i],
1705 mbedtls_test_cas_der_len[i]);
1706 if (ret != 0) {
1707 break;
1708 }
1709 }
1710 }
1711 }
1712 if (ret < 0) {
1713 mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
1714 (unsigned int) -ret);
1715 goto exit;
1716 }
1717
1718 mbedtls_printf(" ok (%d skipped)\n", ret);
1719
1720 /*
1721 * 1.2. Load own certificate and private key
1722 *
1723 * (can be skipped if client authentication is not required)
1724 */
1725 mbedtls_printf(" . Loading the client cert. and key...");
1726 fflush(stdout);
1727
1728 if (strcmp(opt.crt_file, "none") == 0) {
1729 ret = 0;
1730 } else
1731 #if defined(MBEDTLS_FS_IO)
1732 if (strlen(opt.crt_file)) {
1733 ret = mbedtls_x509_crt_parse_file(&clicert, opt.crt_file);
1734 } else
1735 #endif
1736 { ret = mbedtls_x509_crt_parse(&clicert,
1737 (const unsigned char *) mbedtls_test_cli_crt,
1738 mbedtls_test_cli_crt_len); }
1739 if (ret != 0) {
1740 mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
1741 (unsigned int) -ret);
1742 goto exit;
1743 }
1744
1745 if (strcmp(opt.key_file, "none") == 0) {
1746 ret = 0;
1747 } else
1748 #if defined(MBEDTLS_FS_IO)
1749 if (strlen(opt.key_file)) {
1750 ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd, rng_get, &rng);
1751 } else
1752 #endif
1753 { ret = mbedtls_pk_parse_key(&pkey,
1754 (const unsigned char *) mbedtls_test_cli_key,
1755 mbedtls_test_cli_key_len, NULL, 0, rng_get, &rng); }
1756 if (ret != 0) {
1757 mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
1758 (unsigned int) -ret);
1759 goto exit;
1760 }
1761
1762 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1763 if (opt.key_opaque != 0) {
1764 psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE;
1765 psa_key_usage_t usage = 0;
1766
1767 if (key_opaque_set_alg_usage(opt.key_opaque_alg1,
1768 opt.key_opaque_alg2,
1769 &psa_alg, &psa_alg2,
1770 &usage,
1771 mbedtls_pk_get_type(&pkey)) == 0) {
1772 ret = pk_wrap_as_opaque(&pkey, psa_alg, psa_alg2, usage, &key_slot);
1773 if (ret != 0) {
1774 mbedtls_printf(" failed\n ! "
1775 "mbedtls_pk_get_psa_attributes returned -0x%x\n\n",
1776 (unsigned int) -ret);
1777 goto exit;
1778 }
1779 }
1780 }
1781 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1782
1783 mbedtls_printf(" ok (key type: %s)\n",
1784 strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ?
1785 mbedtls_pk_get_name(&pkey) : "none");
1786 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
1787
1788 /*
1789 * 2. Setup stuff
1790 */
1791 mbedtls_printf(" . Setting up the SSL/TLS structure...");
1792 fflush(stdout);
1793
1794 if ((ret = mbedtls_ssl_config_defaults(&conf,
1795 MBEDTLS_SSL_IS_CLIENT,
1796 opt.transport,
1797 MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
1798 mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n",
1799 (unsigned int) -ret);
1800 goto exit;
1801 }
1802
1803 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
1804 /* The default algorithms profile disables SHA-1, but our tests still
1805 rely on it heavily. */
1806 if (opt.allow_sha1 > 0) {
1807 crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA1);
1808 mbedtls_ssl_conf_cert_profile(&conf, &crt_profile_for_test);
1809 mbedtls_ssl_conf_sig_algs(&conf, ssl_sig_algs_for_test);
1810 }
1811 if (opt.context_crt_cb == 0) {
1812 mbedtls_ssl_conf_verify(&conf, my_verify, NULL);
1813 }
1814
1815 memset(peer_crt_info, 0, sizeof(peer_crt_info));
1816 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
1817
1818 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1819 if (opt.cid_enabled == 1 || opt.cid_enabled_renego == 1) {
1820 if (opt.cid_enabled == 1 &&
1821 opt.cid_enabled_renego == 1 &&
1822 cid_len != cid_renego_len) {
1823 mbedtls_printf("CID length must not change during renegotiation\n");
1824 goto usage;
1825 }
1826
1827 if (opt.cid_enabled == 1) {
1828 ret = mbedtls_ssl_conf_cid(&conf, cid_len,
1829 MBEDTLS_SSL_UNEXPECTED_CID_IGNORE);
1830 } else {
1831 ret = mbedtls_ssl_conf_cid(&conf, cid_renego_len,
1832 MBEDTLS_SSL_UNEXPECTED_CID_IGNORE);
1833 }
1834
1835 if (ret != 0) {
1836 mbedtls_printf(" failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n",
1837 (unsigned int) -ret);
1838 goto exit;
1839 }
1840 }
1841 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1842
1843 if (opt.auth_mode != DFL_AUTH_MODE) {
1844 mbedtls_ssl_conf_authmode(&conf, opt.auth_mode);
1845 }
1846
1847 #if defined(MBEDTLS_SSL_PROTO_DTLS)
1848 if (opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX) {
1849 mbedtls_ssl_conf_handshake_timeout(&conf, opt.hs_to_min,
1850 opt.hs_to_max);
1851 }
1852
1853 if (opt.dgram_packing != DFL_DGRAM_PACKING) {
1854 mbedtls_ssl_set_datagram_packing(&ssl, opt.dgram_packing);
1855 }
1856 #endif /* MBEDTLS_SSL_PROTO_DTLS */
1857
1858 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1859 if ((ret = mbedtls_ssl_conf_max_frag_len(&conf, opt.mfl_code)) != 0) {
1860 mbedtls_printf(" failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n",
1861 ret);
1862 goto exit;
1863 }
1864 #endif
1865
1866 #if defined(MBEDTLS_SSL_DTLS_SRTP)
1867 const mbedtls_ssl_srtp_profile forced_profile[] =
1868 { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
1869 if (opt.use_srtp == 1) {
1870 if (opt.force_srtp_profile != 0) {
1871 ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles(&conf, forced_profile);
1872 } else {
1873 ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles(&conf, default_profiles);
1874 }
1875
1876 if (ret != 0) {
1877 mbedtls_printf(" failed\n ! "
1878 "mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n",
1879 ret);
1880 goto exit;
1881 }
1882
1883 } else if (opt.force_srtp_profile != 0) {
1884 mbedtls_printf(" failed\n ! must enable use_srtp to force srtp profile\n\n");
1885 goto exit;
1886 }
1887 #endif /* MBEDTLS_SSL_DTLS_SRTP */
1888
1889 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
1890 if (opt.extended_ms != DFL_EXTENDED_MS) {
1891 mbedtls_ssl_conf_extended_master_secret(&conf, opt.extended_ms);
1892 }
1893 #endif
1894
1895 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1896 if (opt.etm != DFL_ETM) {
1897 mbedtls_ssl_conf_encrypt_then_mac(&conf, opt.etm);
1898 }
1899 #endif
1900
1901 #if defined(MBEDTLS_DHM_C)
1902 if (opt.dhmlen != DFL_DHMLEN) {
1903 mbedtls_ssl_conf_dhm_min_bitlen(&conf, opt.dhmlen);
1904 }
1905 #endif
1906
1907 #if defined(MBEDTLS_SSL_ALPN)
1908 if (opt.alpn_string != NULL) {
1909 if ((ret = mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list)) != 0) {
1910 mbedtls_printf(" failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n",
1911 ret);
1912 goto exit;
1913 }
1914 }
1915 #endif
1916
1917 if (opt.reproducible) {
1918 #if defined(MBEDTLS_HAVE_TIME)
1919 #if defined(MBEDTLS_PLATFORM_TIME_ALT)
1920 mbedtls_platform_set_time(dummy_constant_time);
1921 #else
1922 fprintf(stderr, "Warning: reproducible option used without constant time\n");
1923 #endif
1924 #endif /* MBEDTLS_HAVE_TIME */
1925 }
1926 mbedtls_ssl_conf_rng(&conf, rng_get, &rng);
1927 mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
1928
1929 mbedtls_ssl_conf_read_timeout(&conf, opt.read_timeout);
1930
1931 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
1932 mbedtls_ssl_conf_session_tickets(&conf, opt.tickets);
1933 #endif
1934
1935 if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) {
1936 mbedtls_ssl_conf_ciphersuites(&conf, opt.force_ciphersuite);
1937 }
1938
1939 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1940 mbedtls_ssl_conf_tls13_key_exchange_modes(&conf, opt.tls13_kex_modes);
1941 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
1942
1943 if (opt.allow_legacy != DFL_ALLOW_LEGACY) {
1944 mbedtls_ssl_conf_legacy_renegotiation(&conf, opt.allow_legacy);
1945 }
1946 #if defined(MBEDTLS_SSL_RENEGOTIATION)
1947 mbedtls_ssl_conf_renegotiation(&conf, opt.renegotiation);
1948 #endif
1949
1950 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
1951 if (strcmp(opt.ca_path, "none") != 0 &&
1952 strcmp(opt.ca_file, "none") != 0) {
1953 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
1954 if (opt.ca_callback != 0) {
1955 mbedtls_ssl_conf_ca_cb(&conf, ca_callback, &cacert);
1956 } else
1957 #endif
1958 mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
1959 }
1960 if (strcmp(opt.crt_file, "none") != 0 &&
1961 strcmp(opt.key_file, "none") != 0) {
1962 if ((ret = mbedtls_ssl_conf_own_cert(&conf, &clicert, &pkey)) != 0) {
1963 mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n",
1964 ret);
1965 goto exit;
1966 }
1967 }
1968 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
1969
1970 #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) || \
1971 (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
1972 defined(PSA_WANT_ALG_FFDH))
1973 if (opt.groups != NULL &&
1974 strcmp(opt.groups, "default") != 0) {
1975 mbedtls_ssl_conf_groups(&conf, group_list);
1976 }
1977 #endif
1978
1979 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
1980 if (opt.sig_algs != NULL) {
1981 mbedtls_ssl_conf_sig_algs(&conf, sig_alg_list);
1982 }
1983 #endif
1984
1985 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
1986 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1987 if (opt.psk_opaque != 0) {
1988 key_attributes = psa_key_attributes_init();
1989 psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
1990 psa_set_key_algorithm(&key_attributes, alg);
1991 psa_set_key_type(&key_attributes, PSA_KEY_TYPE_DERIVE);
1992
1993 status = psa_import_key(&key_attributes, psk, psk_len, &slot);
1994 if (status != PSA_SUCCESS) {
1995 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
1996 goto exit;
1997 }
1998
1999 if ((ret = mbedtls_ssl_conf_psk_opaque(&conf, slot,
2000 (const unsigned char *) opt.psk_identity,
2001 strlen(opt.psk_identity))) != 0) {
2002 mbedtls_printf(" failed\n ! mbedtls_ssl_conf_psk_opaque returned %d\n\n",
2003 ret);
2004 goto exit;
2005 }
2006 } else
2007 #endif /* MBEDTLS_USE_PSA_CRYPTO */
2008 if (psk_len > 0) {
2009 ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len,
2010 (const unsigned char *) opt.psk_identity,
2011 strlen(opt.psk_identity));
2012 if (ret != 0) {
2013 mbedtls_printf(" failed\n ! mbedtls_ssl_conf_psk returned %d\n\n", ret);
2014 goto exit;
2015 }
2016 }
2017 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
2018
2019 if (opt.min_version != DFL_MIN_VERSION) {
2020 mbedtls_ssl_conf_min_tls_version(&conf, opt.min_version);
2021 }
2022
2023 if (opt.max_version != DFL_MAX_VERSION) {
2024 mbedtls_ssl_conf_max_tls_version(&conf, opt.max_version);
2025 }
2026
2027 #if defined(MBEDTLS_SSL_EARLY_DATA)
2028 if (opt.early_data != DFL_EARLY_DATA) {
2029 mbedtls_ssl_conf_early_data(&conf, opt.early_data);
2030 }
2031 #endif /* MBEDTLS_SSL_EARLY_DATA */
2032
2033 if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
2034 mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned -0x%x\n\n",
2035 (unsigned int) -ret);
2036 goto exit;
2037 }
2038
2039 if (opt.eap_tls != 0) {
2040 mbedtls_ssl_set_export_keys_cb(&ssl, eap_tls_key_derivation,
2041 &eap_tls_keying);
2042 } else if (opt.nss_keylog != 0) {
2043 mbedtls_ssl_set_export_keys_cb(&ssl,
2044 nss_keylog_export,
2045 NULL);
2046 }
2047 #if defined(MBEDTLS_SSL_DTLS_SRTP)
2048 else if (opt.use_srtp != 0) {
2049 mbedtls_ssl_set_export_keys_cb(&ssl, dtls_srtp_key_derivation,
2050 &dtls_srtp_keying);
2051 }
2052 #endif /* MBEDTLS_SSL_DTLS_SRTP */
2053
2054 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
2055 if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) {
2056 mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
2057 ret);
2058 goto exit;
2059 }
2060 #endif
2061
2062 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
2063 if (opt.ecjpake_pw != DFL_ECJPAKE_PW) {
2064 #if defined(MBEDTLS_USE_PSA_CRYPTO)
2065 if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) {
2066 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
2067
2068 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
2069 psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE);
2070 psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD);
2071
2072 status = psa_import_key(&attributes,
2073 (const unsigned char *) opt.ecjpake_pw,
2074 strlen(opt.ecjpake_pw),
2075 &ecjpake_pw_slot);
2076 if (status != PSA_SUCCESS) {
2077 mbedtls_printf(" failed\n ! psa_import_key returned %d\n\n",
2078 status);
2079 goto exit;
2080 }
2081 if ((ret = mbedtls_ssl_set_hs_ecjpake_password_opaque(&ssl,
2082 ecjpake_pw_slot)) != 0) {
2083 mbedtls_printf(
2084 " failed\n ! mbedtls_ssl_set_hs_ecjpake_password_opaque returned %d\n\n",
2085 ret);
2086 goto exit;
2087 }
2088 mbedtls_printf("using opaque password\n");
2089 } else
2090 #endif /* MBEDTLS_USE_PSA_CRYPTO */
2091 {
2092 if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl,
2093 (const unsigned char *) opt.ecjpake_pw,
2094 strlen(opt.ecjpake_pw))) != 0) {
2095 mbedtls_printf(" failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n",
2096 ret);
2097 goto exit;
2098 }
2099 }
2100 }
2101 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
2102
2103 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
2104 if (opt.context_crt_cb == 1) {
2105 mbedtls_ssl_set_verify(&ssl, my_verify, NULL);
2106 }
2107 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
2108
2109 io_ctx.ssl = &ssl;
2110 io_ctx.net = &server_fd;
2111 mbedtls_ssl_set_bio(&ssl, &io_ctx, send_cb, recv_cb,
2112 opt.nbio == 0 ? recv_timeout_cb : NULL);
2113
2114 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
2115 if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
2116 if ((ret = mbedtls_ssl_set_cid(&ssl, opt.cid_enabled,
2117 cid, cid_len)) != 0) {
2118 mbedtls_printf(" failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
2119 ret);
2120 goto exit;
2121 }
2122 }
2123 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
2124
2125 #if defined(MBEDTLS_SSL_PROTO_DTLS)
2126 if (opt.dtls_mtu != DFL_DTLS_MTU) {
2127 mbedtls_ssl_set_mtu(&ssl, opt.dtls_mtu);
2128 }
2129 #endif
2130
2131 #if defined(MBEDTLS_TIMING_C)
2132 mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay,
2133 mbedtls_timing_get_delay);
2134 #endif
2135
2136 #if defined(MBEDTLS_ECP_RESTARTABLE)
2137 if (opt.ec_max_ops != DFL_EC_MAX_OPS) {
2138 mbedtls_ecp_set_max_ops(opt.ec_max_ops);
2139 }
2140 #endif
2141
2142 #if defined(MBEDTLS_SSL_DTLS_SRTP)
2143 if (opt.use_srtp != 0 && strlen(opt.mki) != 0) {
2144 if (mbedtls_test_unhexify(mki, sizeof(mki),
2145 opt.mki, &mki_len) != 0) {
2146 mbedtls_printf("mki value not valid hex\n");
2147 goto exit;
2148 }
2149
2150 mbedtls_ssl_conf_srtp_mki_value_supported(&conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED);
2151 if ((ret = mbedtls_ssl_dtls_srtp_set_mki_value(&ssl, mki,
2152 (uint16_t) strlen(opt.mki) / 2)) != 0) {
2153 mbedtls_printf(" failed\n ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret);
2154 goto exit;
2155 }
2156 }
2157 #endif
2158
2159 mbedtls_printf(" ok\n");
2160
2161 /*
2162 * 3. Start the connection
2163 */
2164 if (opt.server_addr == NULL) {
2165 opt.server_addr = opt.server_name;
2166 }
2167
2168 mbedtls_printf(" . Connecting to %s/%s/%s...",
2169 opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
2170 opt.server_addr, opt.server_port);
2171 fflush(stdout);
2172
2173 if ((ret = mbedtls_net_connect(&server_fd,
2174 opt.server_addr, opt.server_port,
2175 opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
2176 MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP)) != 0) {
2177 mbedtls_printf(" failed\n ! mbedtls_net_connect returned -0x%x\n\n",
2178 (unsigned int) -ret);
2179 goto exit;
2180 }
2181
2182 if (opt.nbio > 0) {
2183 ret = mbedtls_net_set_nonblock(&server_fd);
2184 } else {
2185 ret = mbedtls_net_set_block(&server_fd);
2186 }
2187 if (ret != 0) {
2188 mbedtls_printf(" failed\n ! net_set_(non)block() returned -0x%x\n\n",
2189 (unsigned int) -ret);
2190 goto exit;
2191 }
2192
2193 mbedtls_printf(" ok\n");
2194
2195 /*
2196 * 4. Handshake
2197 */
2198 mbedtls_printf(" . Performing the SSL/TLS handshake...");
2199 fflush(stdout);
2200
2201 while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
2202 if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
2203 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2204 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2205 mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n",
2206 (unsigned int) -ret);
2207 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
2208 if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
2209 ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE) {
2210 mbedtls_printf(
2211 " Unable to verify the server's certificate. "
2212 "Either it is invalid,\n"
2213 " or you didn't set ca_file or ca_path "
2214 "to an appropriate value.\n"
2215 " Alternatively, you may want to use "
2216 "auth_mode=optional for testing purposes if "
2217 "not using TLS 1.3.\n"
2218 " For TLS 1.3 server, try `ca_path=/etc/ssl/certs/`"
2219 "or other folder that has root certificates\n");
2220
2221 flags = mbedtls_ssl_get_verify_result(&ssl);
2222 char vrfy_buf[512];
2223 x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
2224 mbedtls_printf("%s\n", vrfy_buf);
2225 }
2226 #endif
2227 mbedtls_printf("\n");
2228 goto exit;
2229 }
2230
2231 #if defined(MBEDTLS_ECP_RESTARTABLE)
2232 if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2233 continue;
2234 }
2235 #endif
2236
2237 /* For event-driven IO, wait for socket to become available */
2238 if (opt.event == 1 /* level triggered IO */) {
2239 #if defined(MBEDTLS_TIMING_C)
2240 ret = idle(&server_fd, &timer, ret);
2241 #else
2242 ret = idle(&server_fd, ret);
2243 #endif
2244 if (ret != 0) {
2245 goto exit;
2246 }
2247 }
2248 }
2249
2250 {
2251 int suite_id = mbedtls_ssl_get_ciphersuite_id_from_ssl(&ssl);
2252 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
2253 ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(suite_id);
2254
2255 mbedtls_printf(" ok\n [ Protocol is %s ]\n"
2256 " [ Ciphersuite is %s ]\n"
2257 " [ Key size is %u ]\n",
2258 mbedtls_ssl_get_version(&ssl),
2259 mbedtls_ssl_ciphersuite_get_name(ciphersuite_info),
2260 (unsigned int)
2261 mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(ciphersuite_info));
2262 }
2263
2264 if ((ret = mbedtls_ssl_get_record_expansion(&ssl)) >= 0) {
2265 mbedtls_printf(" [ Record expansion is %d ]\n", ret);
2266 } else {
2267 mbedtls_printf(" [ Record expansion is unknown ]\n");
2268 }
2269
2270 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
2271 mbedtls_printf(" [ Maximum incoming record payload length is %u ]\n",
2272 (unsigned int) mbedtls_ssl_get_max_in_record_payload(&ssl));
2273 mbedtls_printf(" [ Maximum outgoing record payload length is %u ]\n",
2274 (unsigned int) mbedtls_ssl_get_max_out_record_payload(&ssl));
2275 #endif
2276
2277 #if defined(MBEDTLS_SSL_ALPN)
2278 if (opt.alpn_string != NULL) {
2279 const char *alp = mbedtls_ssl_get_alpn_protocol(&ssl);
2280 mbedtls_printf(" [ Application Layer Protocol is %s ]\n",
2281 alp ? alp : "(none)");
2282 }
2283 #endif
2284
2285 if (opt.eap_tls != 0) {
2286 size_t j = 0;
2287
2288 if ((ret = mbedtls_ssl_tls_prf(eap_tls_keying.tls_prf_type,
2289 eap_tls_keying.master_secret,
2290 sizeof(eap_tls_keying.master_secret),
2291 eap_tls_label,
2292 eap_tls_keying.randbytes,
2293 sizeof(eap_tls_keying.randbytes),
2294 eap_tls_keymaterial,
2295 sizeof(eap_tls_keymaterial)))
2296 != 0) {
2297 mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
2298 (unsigned int) -ret);
2299 goto exit;
2300 }
2301
2302 mbedtls_printf(" EAP-TLS key material is:");
2303 for (j = 0; j < sizeof(eap_tls_keymaterial); j++) {
2304 if (j % 8 == 0) {
2305 mbedtls_printf("\n ");
2306 }
2307 mbedtls_printf("%02x ", eap_tls_keymaterial[j]);
2308 }
2309 mbedtls_printf("\n");
2310
2311 if ((ret = mbedtls_ssl_tls_prf(eap_tls_keying.tls_prf_type, NULL, 0,
2312 eap_tls_label,
2313 eap_tls_keying.randbytes,
2314 sizeof(eap_tls_keying.randbytes),
2315 eap_tls_iv,
2316 sizeof(eap_tls_iv))) != 0) {
2317 mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
2318 (unsigned int) -ret);
2319 goto exit;
2320 }
2321
2322 mbedtls_printf(" EAP-TLS IV is:");
2323 for (j = 0; j < sizeof(eap_tls_iv); j++) {
2324 if (j % 8 == 0) {
2325 mbedtls_printf("\n ");
2326 }
2327 mbedtls_printf("%02x ", eap_tls_iv[j]);
2328 }
2329 mbedtls_printf("\n");
2330 }
2331
2332 #if defined(MBEDTLS_SSL_DTLS_SRTP)
2333 else if (opt.use_srtp != 0) {
2334 size_t j = 0;
2335 mbedtls_dtls_srtp_info dtls_srtp_negotiation_result;
2336 mbedtls_ssl_get_dtls_srtp_negotiation_result(&ssl, &dtls_srtp_negotiation_result);
2337
2338 if (dtls_srtp_negotiation_result.chosen_dtls_srtp_profile
2339 == MBEDTLS_TLS_SRTP_UNSET) {
2340 mbedtls_printf(" Unable to negotiate "
2341 "the use of DTLS-SRTP\n");
2342 } else {
2343 if ((ret = mbedtls_ssl_tls_prf(dtls_srtp_keying.tls_prf_type,
2344 dtls_srtp_keying.master_secret,
2345 sizeof(dtls_srtp_keying.master_secret),
2346 dtls_srtp_label,
2347 dtls_srtp_keying.randbytes,
2348 sizeof(dtls_srtp_keying.randbytes),
2349 dtls_srtp_key_material,
2350 sizeof(dtls_srtp_key_material)))
2351 != 0) {
2352 mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
2353 (unsigned int) -ret);
2354 goto exit;
2355 }
2356
2357 mbedtls_printf(" DTLS-SRTP key material is:");
2358 for (j = 0; j < sizeof(dtls_srtp_key_material); j++) {
2359 if (j % 8 == 0) {
2360 mbedtls_printf("\n ");
2361 }
2362 mbedtls_printf("%02x ", dtls_srtp_key_material[j]);
2363 }
2364 mbedtls_printf("\n");
2365
2366 /* produce a less readable output used to perform automatic checks
2367 * - compare client and server output
2368 * - interop test with openssl which client produces this kind of output
2369 */
2370 mbedtls_printf(" Keying material: ");
2371 for (j = 0; j < sizeof(dtls_srtp_key_material); j++) {
2372 mbedtls_printf("%02X", dtls_srtp_key_material[j]);
2373 }
2374 mbedtls_printf("\n");
2375
2376 if (dtls_srtp_negotiation_result.mki_len > 0) {
2377 mbedtls_printf(" DTLS-SRTP mki value: ");
2378 for (j = 0; j < dtls_srtp_negotiation_result.mki_len; j++) {
2379 mbedtls_printf("%02X", dtls_srtp_negotiation_result.mki_value[j]);
2380 }
2381 } else {
2382 mbedtls_printf(" DTLS-SRTP no mki value negotiated");
2383 }
2384 mbedtls_printf("\n");
2385 }
2386 }
2387 #endif /* MBEDTLS_SSL_DTLS_SRTP */
2388 if (opt.reconnect != 0 && ssl.tls_version != MBEDTLS_SSL_VERSION_TLS1_3) {
2389 mbedtls_printf(" . Saving session for reuse...");
2390 fflush(stdout);
2391
2392 if (opt.reco_mode == 1) {
2393 if ((ret = ssl_save_session_serialize(&ssl,
2394 &session_data, &session_data_len)) != 0) {
2395 mbedtls_printf(" failed\n ! ssl_save_session_serialize returned -0x%04x\n\n",
2396 (unsigned int) -ret);
2397 goto exit;
2398 }
2399
2400 } else {
2401 if ((ret = mbedtls_ssl_get_session(&ssl, &saved_session)) != 0) {
2402 mbedtls_printf(" failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
2403 (unsigned int) -ret);
2404 goto exit;
2405 }
2406 }
2407
2408 mbedtls_printf(" ok\n");
2409
2410 if (opt.reco_mode == 1) {
2411 mbedtls_printf(" [ Saved %u bytes of session data]\n",
2412 (unsigned) session_data_len);
2413 }
2414 }
2415
2416 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
2417 /*
2418 * 5. Verify the server certificate
2419 */
2420 mbedtls_printf(" . Verifying peer X.509 certificate...");
2421
2422 if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) {
2423 char vrfy_buf[512];
2424 mbedtls_printf(" failed\n");
2425
2426 x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf),
2427 " ! ", flags);
2428
2429 mbedtls_printf("%s\n", vrfy_buf);
2430 } else {
2431 mbedtls_printf(" ok\n");
2432 }
2433
2434 #if !defined(MBEDTLS_X509_REMOVE_INFO)
2435 mbedtls_printf(" . Peer certificate information ...\n");
2436 mbedtls_printf("%s\n", peer_crt_info);
2437 #endif /* !MBEDTLS_X509_REMOVE_INFO */
2438 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
2439
2440 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
2441 ret = report_cid_usage(&ssl, "initial handshake");
2442 if (ret != 0) {
2443 goto exit;
2444 }
2445
2446 if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
2447 if ((ret = mbedtls_ssl_set_cid(&ssl, opt.cid_enabled_renego,
2448 cid_renego,
2449 cid_renego_len)) != 0) {
2450 mbedtls_printf(" failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
2451 ret);
2452 goto exit;
2453 }
2454 }
2455 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
2456
2457 #if defined(MBEDTLS_SSL_RENEGOTIATION)
2458 if (opt.renegotiate) {
2459 /*
2460 * Perform renegotiation (this must be done when the server is waiting
2461 * for input from our side).
2462 */
2463 mbedtls_printf(" . Performing renegotiation...");
2464 fflush(stdout);
2465 while ((ret = mbedtls_ssl_renegotiate(&ssl)) != 0) {
2466 if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
2467 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2468 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2469 mbedtls_printf(" failed\n ! mbedtls_ssl_renegotiate returned %d\n\n",
2470 ret);
2471 goto exit;
2472 }
2473
2474 #if defined(MBEDTLS_ECP_RESTARTABLE)
2475 if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2476 continue;
2477 }
2478 #endif
2479
2480 /* For event-driven IO, wait for socket to become available */
2481 if (opt.event == 1 /* level triggered IO */) {
2482 #if defined(MBEDTLS_TIMING_C)
2483 idle(&server_fd, &timer, ret);
2484 #else
2485 idle(&server_fd, ret);
2486 #endif
2487 }
2488
2489 }
2490 mbedtls_printf(" ok\n");
2491 }
2492 #endif /* MBEDTLS_SSL_RENEGOTIATION */
2493
2494 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
2495 ret = report_cid_usage(&ssl, "after renegotiation");
2496 if (ret != 0) {
2497 goto exit;
2498 }
2499 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
2500
2501 /*
2502 * 6. Write the GET request
2503 */
2504 retry_left = opt.max_resend;
2505 send_request:
2506 mbedtls_printf(" > Write to server:");
2507 fflush(stdout);
2508
2509 ret = build_http_request(buf, sizeof(buf) - 1, &len);
2510 if (ret != 0) {
2511 goto exit;
2512 }
2513
2514 if (opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM) {
2515 written = 0;
2516 frags = 0;
2517
2518 do {
2519 while ((ret = mbedtls_ssl_write(&ssl, buf + written,
2520 len - written)) < 0) {
2521 if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
2522 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2523 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2524 mbedtls_printf(" failed\n ! mbedtls_ssl_write returned -0x%x\n\n",
2525 (unsigned int) -ret);
2526 goto exit;
2527 }
2528
2529 /* For event-driven IO, wait for socket to become available */
2530 if (opt.event == 1 /* level triggered IO */) {
2531 #if defined(MBEDTLS_TIMING_C)
2532 idle(&server_fd, &timer, ret);
2533 #else
2534 idle(&server_fd, ret);
2535 #endif
2536 }
2537 }
2538
2539 frags++;
2540 written += ret;
2541 } while (written < len);
2542 } else { /* Not stream, so datagram */
2543 while (1) {
2544 ret = mbedtls_ssl_write(&ssl, buf, len);
2545
2546 #if defined(MBEDTLS_ECP_RESTARTABLE)
2547 if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2548 continue;
2549 }
2550 #endif
2551
2552 if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
2553 ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
2554 break;
2555 }
2556
2557 /* For event-driven IO, wait for socket to become available */
2558 if (opt.event == 1 /* level triggered IO */) {
2559 #if defined(MBEDTLS_TIMING_C)
2560 idle(&server_fd, &timer, ret);
2561 #else
2562 idle(&server_fd, ret);
2563 #endif
2564 }
2565 }
2566
2567 if (ret < 0) {
2568 mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n",
2569 ret);
2570 goto exit;
2571 }
2572
2573 frags = 1;
2574 written = ret;
2575
2576 if (written < len) {
2577 mbedtls_printf(" warning\n ! request didn't fit into single datagram and "
2578 "was truncated to size %u", (unsigned) written);
2579 }
2580 }
2581
2582 buf[written] = '\0';
2583 mbedtls_printf(
2584 " %" MBEDTLS_PRINTF_SIZET " bytes written in %" MBEDTLS_PRINTF_SIZET " fragments\n\n%s\n",
2585 written,
2586 frags,
2587 (char *) buf);
2588
2589 /* Send a non-empty request if request_size == 0 */
2590 if (len == 0) {
2591 opt.request_size = DFL_REQUEST_SIZE;
2592 goto send_request;
2593 }
2594
2595 /*
2596 * 7. Read the HTTP response
2597 */
2598
2599 /*
2600 * TLS and DTLS need different reading styles (stream vs datagram)
2601 */
2602 if (opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM) {
2603 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
2604 int ticket_id = 0;
2605 #endif
2606 do {
2607 len = sizeof(buf) - 1;
2608 memset(buf, 0, sizeof(buf));
2609 ret = mbedtls_ssl_read(&ssl, buf, len);
2610
2611 #if defined(MBEDTLS_ECP_RESTARTABLE)
2612 if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2613 continue;
2614 }
2615 #endif
2616
2617 if (ret == MBEDTLS_ERR_SSL_WANT_READ ||
2618 ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
2619 /* For event-driven IO, wait for socket to become available */
2620 if (opt.event == 1 /* level triggered IO */) {
2621 #if defined(MBEDTLS_TIMING_C)
2622 idle(&server_fd, &timer, ret);
2623 #else
2624 idle(&server_fd, ret);
2625 #endif
2626 }
2627 continue;
2628 }
2629
2630 if (ret <= 0) {
2631 switch (ret) {
2632 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
2633 mbedtls_printf(" connection was closed gracefully\n");
2634 ret = 0;
2635 goto close_notify;
2636
2637 case 0:
2638 case MBEDTLS_ERR_NET_CONN_RESET:
2639 mbedtls_printf(" connection was reset by peer\n");
2640 ret = 0;
2641 goto reconnect;
2642
2643 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
2644
2645 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
2646 case MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET:
2647 /* We were waiting for application data but got
2648 * a NewSessionTicket instead. */
2649 mbedtls_printf(" got new session ticket ( %d ).\n",
2650 ticket_id++);
2651 if (opt.reconnect != 0) {
2652 mbedtls_printf(" . Saving session for reuse...");
2653 fflush(stdout);
2654
2655 if (opt.reco_mode == 1) {
2656 if ((ret = ssl_save_session_serialize(&ssl,
2657 &session_data,
2658 &session_data_len)) != 0) {
2659 mbedtls_printf(
2660 " failed\n ! ssl_save_session_serialize returned -0x%04x\n\n",
2661 (unsigned int) -ret);
2662 goto exit;
2663 }
2664 } else {
2665 if ((ret = mbedtls_ssl_get_session(&ssl, &saved_session)) != 0) {
2666 mbedtls_printf(
2667 " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
2668 (unsigned int) -ret);
2669 goto exit;
2670 }
2671 }
2672
2673 mbedtls_printf(" ok\n");
2674
2675 if (opt.reco_mode == 1) {
2676 mbedtls_printf(" [ Saved %u bytes of session data]\n",
2677 (unsigned) session_data_len);
2678 }
2679 }
2680 continue;
2681 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
2682
2683 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
2684
2685 default:
2686 mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n",
2687 (unsigned int) -ret);
2688 goto exit;
2689 }
2690 }
2691
2692 len = ret;
2693 buf[len] = '\0';
2694 mbedtls_printf(" < Read from server: %" MBEDTLS_PRINTF_SIZET " bytes read\n\n%s",
2695 len,
2696 (char *) buf);
2697 fflush(stdout);
2698 /* End of message should be detected according to the syntax of the
2699 * application protocol (eg HTTP), just use a dummy test here. */
2700 if (ret > 0 && buf[len-1] == '\n') {
2701 ret = 0;
2702 break;
2703 }
2704 } while (1);
2705 } else { /* Not stream, so datagram */
2706 len = sizeof(buf) - 1;
2707 memset(buf, 0, sizeof(buf));
2708
2709 while (1) {
2710 ret = mbedtls_ssl_read(&ssl, buf, len);
2711
2712 #if defined(MBEDTLS_ECP_RESTARTABLE)
2713 if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2714 continue;
2715 }
2716 #endif
2717
2718 if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
2719 ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
2720 break;
2721 }
2722
2723 /* For event-driven IO, wait for socket to become available */
2724 if (opt.event == 1 /* level triggered IO */) {
2725 #if defined(MBEDTLS_TIMING_C)
2726 idle(&server_fd, &timer, ret);
2727 #else
2728 idle(&server_fd, ret);
2729 #endif
2730 }
2731 }
2732
2733 if (ret <= 0) {
2734 switch (ret) {
2735 case MBEDTLS_ERR_SSL_TIMEOUT:
2736 mbedtls_printf(" timeout\n");
2737 if (retry_left-- > 0) {
2738 goto send_request;
2739 }
2740 goto exit;
2741
2742 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
2743 mbedtls_printf(" connection was closed gracefully\n");
2744 ret = 0;
2745 goto close_notify;
2746
2747 default:
2748 mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret);
2749 goto exit;
2750 }
2751 }
2752
2753 len = ret;
2754 buf[len] = '\0';
2755 mbedtls_printf(" < Read from server: %" MBEDTLS_PRINTF_SIZET " bytes read\n\n%s",
2756 len,
2757 (char *) buf);
2758 ret = 0;
2759 }
2760
2761 /*
2762 * 7b. Simulate hard reset and reconnect from same port?
2763 */
2764 if (opt.reconnect_hard != 0) {
2765 opt.reconnect_hard = 0;
2766
2767 mbedtls_printf(" . Restarting connection from same port...");
2768 fflush(stdout);
2769
2770 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
2771 memset(peer_crt_info, 0, sizeof(peer_crt_info));
2772 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
2773
2774 if ((ret = mbedtls_ssl_session_reset(&ssl)) != 0) {
2775 mbedtls_printf(" failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
2776 (unsigned int) -ret);
2777 goto exit;
2778 }
2779
2780 while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
2781 if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
2782 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2783 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2784 mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
2785 (unsigned int) -ret);
2786 goto exit;
2787 }
2788
2789 /* For event-driven IO, wait for socket to become available */
2790 if (opt.event == 1 /* level triggered IO */) {
2791 #if defined(MBEDTLS_TIMING_C)
2792 idle(&server_fd, &timer, ret);
2793 #else
2794 idle(&server_fd, ret);
2795 #endif
2796 }
2797 }
2798
2799 mbedtls_printf(" ok\n");
2800
2801 goto send_request;
2802 }
2803
2804 /*
2805 * 7c. Simulate serialize/deserialize and go back to data exchange
2806 */
2807 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
2808 if (opt.serialize != 0) {
2809 size_t buf_len;
2810
2811 mbedtls_printf(" . Serializing live connection...");
2812
2813 ret = mbedtls_ssl_context_save(&ssl, NULL, 0, &buf_len);
2814 if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
2815 mbedtls_printf(" failed\n ! mbedtls_ssl_context_save returned "
2816 "-0x%x\n\n", (unsigned int) -ret);
2817
2818 goto exit;
2819 }
2820
2821 if ((context_buf = mbedtls_calloc(1, buf_len)) == NULL) {
2822 mbedtls_printf(" failed\n ! Couldn't allocate buffer for "
2823 "serialized context");
2824
2825 goto exit;
2826 }
2827 context_buf_len = buf_len;
2828
2829 if ((ret = mbedtls_ssl_context_save(&ssl, context_buf,
2830 buf_len, &buf_len)) != 0) {
2831 mbedtls_printf(" failed\n ! mbedtls_ssl_context_save returned "
2832 "-0x%x\n\n", (unsigned int) -ret);
2833
2834 goto exit;
2835 }
2836
2837 mbedtls_printf(" ok\n");
2838
2839 /* Save serialized context to the 'opt.context_file' as a base64 code */
2840 if (0 < strlen(opt.context_file)) {
2841 FILE *b64_file;
2842 uint8_t *b64_buf;
2843 size_t b64_len;
2844
2845 mbedtls_printf(" . Save serialized context to a file... ");
2846
2847 mbedtls_base64_encode(NULL, 0, &b64_len, context_buf, buf_len);
2848
2849 if ((b64_buf = mbedtls_calloc(1, b64_len)) == NULL) {
2850 mbedtls_printf("failed\n ! Couldn't allocate buffer for "
2851 "the base64 code\n");
2852 goto exit;
2853 }
2854
2855 if ((ret = mbedtls_base64_encode(b64_buf, b64_len, &b64_len,
2856 context_buf, buf_len)) != 0) {
2857 mbedtls_printf("failed\n ! mbedtls_base64_encode returned "
2858 "-0x%x\n", (unsigned int) -ret);
2859 mbedtls_free(b64_buf);
2860 goto exit;
2861 }
2862
2863 if ((b64_file = fopen(opt.context_file, "w")) == NULL) {
2864 mbedtls_printf("failed\n ! Cannot open '%s' for writing.\n",
2865 opt.context_file);
2866 mbedtls_free(b64_buf);
2867 goto exit;
2868 }
2869
2870 if (b64_len != fwrite(b64_buf, 1, b64_len, b64_file)) {
2871 mbedtls_printf("failed\n ! fwrite(%ld bytes) failed\n",
2872 (long) b64_len);
2873 mbedtls_free(b64_buf);
2874 fclose(b64_file);
2875 goto exit;
2876 }
2877
2878 mbedtls_free(b64_buf);
2879 fclose(b64_file);
2880
2881 mbedtls_printf("ok\n");
2882 }
2883
2884 if (opt.serialize == 1) {
2885 /* nothing to do here, done by context_save() already */
2886 mbedtls_printf(" . Context has been reset... ok\n");
2887 }
2888
2889 if (opt.serialize == 2) {
2890 mbedtls_printf(" . Freeing and reinitializing context...");
2891
2892 mbedtls_ssl_free(&ssl);
2893
2894 mbedtls_ssl_init(&ssl);
2895
2896 if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
2897 mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned "
2898 "-0x%x\n\n", (unsigned int) -ret);
2899 goto exit;
2900 }
2901
2902 if (opt.nbio == 2) {
2903 mbedtls_ssl_set_bio(&ssl, &server_fd, delayed_send,
2904 delayed_recv, NULL);
2905 } else {
2906 mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send,
2907 mbedtls_net_recv,
2908 opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL);
2909 }
2910
2911 #if defined(MBEDTLS_TIMING_C)
2912 mbedtls_ssl_set_timer_cb(&ssl, &timer,
2913 mbedtls_timing_set_delay,
2914 mbedtls_timing_get_delay);
2915 #endif /* MBEDTLS_TIMING_C */
2916
2917 mbedtls_printf(" ok\n");
2918 }
2919
2920 mbedtls_printf(" . Deserializing connection...");
2921
2922 if ((ret = mbedtls_ssl_context_load(&ssl, context_buf,
2923 buf_len)) != 0) {
2924 mbedtls_printf("failed\n ! mbedtls_ssl_context_load returned "
2925 "-0x%x\n\n", (unsigned int) -ret);
2926
2927 goto exit;
2928 }
2929
2930 mbedtls_free(context_buf);
2931 context_buf = NULL;
2932 context_buf_len = 0;
2933
2934 mbedtls_printf(" ok\n");
2935 }
2936 #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
2937
2938 /*
2939 * 7d. Continue doing data exchanges?
2940 */
2941 if (--opt.exchanges > 0) {
2942 goto send_request;
2943 }
2944
2945 /*
2946 * 8. Done, cleanly close the connection
2947 */
2948 close_notify:
2949 mbedtls_printf(" . Closing the connection...");
2950 fflush(stdout);
2951
2952 /*
2953 * Most of the time sending a close_notify before closing is the right
2954 * thing to do. However, when the server already knows how many messages
2955 * are expected and closes the connection by itself, this alert becomes
2956 * redundant. Sometimes with DTLS this redundancy becomes a problem by
2957 * leading to a race condition where the server might close the connection
2958 * before seeing the alert, and since UDP is connection-less when the
2959 * alert arrives it will be seen as a new connection, which will fail as
2960 * the alert is clearly not a valid ClientHello. This may cause spurious
2961 * failures in tests that use DTLS and resumption with ssl_server2 in
2962 * ssl-opt.sh, avoided by enabling skip_close_notify client-side.
2963 */
2964 if (opt.skip_close_notify == 0) {
2965 /* No error checking, the connection might be closed already */
2966 do {
2967 ret = mbedtls_ssl_close_notify(&ssl);
2968 } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE);
2969 ret = 0;
2970 }
2971
2972 mbedtls_printf(" done\n");
2973
2974 /*
2975 * 9. Reconnect?
2976 */
2977 reconnect:
2978 if (opt.reconnect != 0) {
2979 --opt.reconnect;
2980
2981 mbedtls_net_free(&server_fd);
2982
2983 #if defined(MBEDTLS_TIMING_C)
2984 if (opt.reco_delay > 0) {
2985 mbedtls_net_usleep(1000 * opt.reco_delay);
2986 }
2987 #endif
2988
2989 mbedtls_printf(" . Reconnecting with saved session...");
2990
2991 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
2992 memset(peer_crt_info, 0, sizeof(peer_crt_info));
2993 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
2994
2995 if ((ret = mbedtls_ssl_session_reset(&ssl)) != 0) {
2996 mbedtls_printf(" failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
2997 (unsigned int) -ret);
2998 goto exit;
2999 }
3000
3001 if (opt.reco_mode == 1) {
3002 if ((ret = mbedtls_ssl_session_load(&saved_session,
3003 session_data,
3004 session_data_len)) != 0) {
3005 mbedtls_printf(" failed\n ! mbedtls_ssl_session_load returned -0x%x\n\n",
3006 (unsigned int) -ret);
3007 goto exit;
3008 }
3009 }
3010
3011 if ((ret = mbedtls_ssl_set_session(&ssl, &saved_session)) != 0) {
3012 mbedtls_printf(" failed\n ! mbedtls_ssl_set_session returned -0x%x\n\n",
3013 (unsigned int) -ret);
3014 goto exit;
3015 }
3016
3017 #if defined(MBEDTLS_X509_CRT_PARSE_C)
3018 if (opt.reco_server_name != NULL &&
3019 (ret = mbedtls_ssl_set_hostname(&ssl,
3020 opt.reco_server_name)) != 0) {
3021 mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
3022 ret);
3023 goto exit;
3024 }
3025 #endif
3026
3027 if ((ret = mbedtls_net_connect(&server_fd,
3028 opt.server_addr, opt.server_port,
3029 opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
3030 MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP)) != 0) {
3031 mbedtls_printf(" failed\n ! mbedtls_net_connect returned -0x%x\n\n",
3032 (unsigned int) -ret);
3033 goto exit;
3034 }
3035
3036 if (opt.nbio > 0) {
3037 ret = mbedtls_net_set_nonblock(&server_fd);
3038 } else {
3039 ret = mbedtls_net_set_block(&server_fd);
3040 }
3041 if (ret != 0) {
3042 mbedtls_printf(" failed\n ! net_set_(non)block() returned -0x%x\n\n",
3043 (unsigned int) -ret);
3044 goto exit;
3045 }
3046
3047 ret = build_http_request(buf, sizeof(buf) - 1, &len);
3048 if (ret != 0) {
3049 goto exit;
3050 }
3051
3052 #if defined(MBEDTLS_SSL_EARLY_DATA)
3053 if (ssl.conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) {
3054 frags = 0;
3055 written = 0;
3056 do {
3057 while ((ret = mbedtls_ssl_write_early_data(&ssl, buf + written,
3058 len - written)) < 0) {
3059 if (ret == MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA) {
3060 goto end_of_early_data;
3061 }
3062 if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
3063 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
3064 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
3065 mbedtls_printf(" failed\n ! mbedtls_ssl_write returned -0x%x\n\n",
3066 (unsigned int) -ret);
3067 goto exit;
3068 }
3069
3070 /* For event-driven IO, wait for socket to become available */
3071 if (opt.event == 1 /* level triggered IO */) {
3072 #if defined(MBEDTLS_TIMING_C)
3073 idle(&server_fd, &timer, ret);
3074 #else
3075 idle(&server_fd, ret);
3076 #endif
3077 }
3078 }
3079
3080 frags++;
3081 written += ret;
3082 } while (written < len);
3083
3084 end_of_early_data:
3085
3086 buf[written] = '\0';
3087 mbedtls_printf(
3088 " %" MBEDTLS_PRINTF_SIZET " bytes of early data written in %" MBEDTLS_PRINTF_SIZET " fragments\n\n%s\n",
3089 written,
3090 frags,
3091 (char *) buf);
3092 }
3093 #endif /* MBEDTLS_SSL_EARLY_DATA */
3094
3095 while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
3096 if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
3097 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
3098 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
3099 mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
3100 (unsigned int) -ret);
3101 goto exit;
3102 }
3103 }
3104
3105 mbedtls_printf(" ok\n");
3106
3107 goto send_request;
3108 }
3109
3110 /*
3111 * Cleanup and exit
3112 */
3113 exit:
3114 #ifdef MBEDTLS_ERROR_C
3115 if (ret != 0) {
3116 char error_buf[100];
3117 mbedtls_strerror(ret, error_buf, 100);
3118 mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf);
3119 }
3120 #endif
3121
3122 mbedtls_net_free(&server_fd);
3123
3124 mbedtls_ssl_free(&ssl);
3125 mbedtls_ssl_config_free(&conf);
3126 mbedtls_ssl_session_free(&saved_session);
3127
3128 if (session_data != NULL) {
3129 mbedtls_platform_zeroize(session_data, session_data_len);
3130 }
3131 mbedtls_free(session_data);
3132 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
3133 if (context_buf != NULL) {
3134 mbedtls_platform_zeroize(context_buf, context_buf_len);
3135 }
3136 mbedtls_free(context_buf);
3137 #endif
3138
3139 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
3140 mbedtls_x509_crt_free(&clicert);
3141 mbedtls_x509_crt_free(&cacert);
3142 mbedtls_pk_free(&pkey);
3143 #if defined(MBEDTLS_USE_PSA_CRYPTO)
3144 psa_destroy_key(key_slot);
3145 #endif
3146 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
3147
3148 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \
3149 defined(MBEDTLS_USE_PSA_CRYPTO)
3150 if (opt.psk_opaque != 0) {
3151 /* This is ok even if the slot hasn't been
3152 * initialized (we might have jumed here
3153 * immediately because of bad cmd line params,
3154 * for example). */
3155 status = psa_destroy_key(slot);
3156 if ((status != PSA_SUCCESS) &&
3157 (opt.query_config_mode == DFL_QUERY_CONFIG_MODE)) {
3158 mbedtls_printf("Failed to destroy key slot %u - error was %d",
3159 (unsigned) MBEDTLS_SVC_KEY_ID_GET_KEY_ID(slot),
3160 (int) status);
3161 if (ret == 0) {
3162 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
3163 }
3164 }
3165 }
3166 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED &&
3167 MBEDTLS_USE_PSA_CRYPTO */
3168
3169 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
3170 defined(MBEDTLS_USE_PSA_CRYPTO)
3171 /*
3172 * In case opaque keys it's the user responsibility to keep the key valid
3173 * for the duration of the handshake and destroy it at the end
3174 */
3175 if ((opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE)) {
3176 psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT;
3177
3178 /* Verify that the key is still valid before destroying it */
3179 if (psa_get_key_attributes(ecjpake_pw_slot, &check_attributes) !=
3180 PSA_SUCCESS) {
3181 if (ret == 0) {
3182 ret = 1;
3183 }
3184 mbedtls_printf("The EC J-PAKE password key has unexpectedly been already destroyed\n");
3185 } else {
3186 psa_destroy_key(ecjpake_pw_slot);
3187 }
3188 }
3189 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */
3190
3191 #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
3192 const char *message = mbedtls_test_helper_is_psa_leaking();
3193 if (message) {
3194 if (ret == 0) {
3195 ret = 1;
3196 }
3197 mbedtls_printf("PSA memory leak detected: %s\n", message);
3198 }
3199 #endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
3200
3201 /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
3202 * resources are freed by rng_free(). */
3203 #if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) && \
3204 !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
3205 mbedtls_psa_crypto_free();
3206 #endif
3207
3208 rng_free(&rng);
3209
3210 #if defined(MBEDTLS_TEST_HOOKS)
3211 if (test_hooks_failure_detected()) {
3212 if (ret == 0) {
3213 ret = 1;
3214 }
3215 mbedtls_printf("Test hooks detected errors.\n");
3216 }
3217 test_hooks_free();
3218 #endif /* MBEDTLS_TEST_HOOKS */
3219
3220 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
3221 #if defined(MBEDTLS_MEMORY_DEBUG)
3222 mbedtls_memory_buffer_alloc_status();
3223 #endif
3224 mbedtls_memory_buffer_alloc_free();
3225 #endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
3226
3227 // Shell can not handle large exit numbers -> 1 for errors
3228 if (ret < 0) {
3229 ret = 1;
3230 }
3231
3232 if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) {
3233 mbedtls_exit(ret);
3234 } else {
3235 mbedtls_exit(query_config_ret);
3236 }
3237 }
3238 #endif /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_CLI_C */
3239